Windows Analysis Report
SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe

Overview

General Information

Sample name:SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe
Analysis ID:1483536
MD5:28a85ba5396fcfa8a5f794f04dce35e4
SHA1:c730d730e167d68a41a8382823c181ff9a75a891
SHA256:d77fbaa35585f25de3f492e4e3d0bfa6f0f73b053fd6a64058766fef75eca04e
Tags:exe
Infos:

Detection

PureLog Stealer
Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:52
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected PureLog Stealer
Submitted sample is a known malware sample
.NET source code contains method to dynamically call methods (often used by packers)
Found direct / indirect Syscall (likely to bypass EDR)
Found evasive API chain (may stop execution after checking locale)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Installs Task Scheduler Managed Wrapper
Sigma detected: Dot net compiler compiles file from suspicious location
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Generic Downloader
Abnormal high CPU Usage
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Compiles C# or VB.Net code
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
Enables debug privileges
Enables driver privileges
Enables security privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
Uses net.exe to stop services
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
query blbeacon for getting browser version

Classification

  • System is w10x64
  • SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe (PID: 7376 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe" MD5: 28A85BA5396FCFA8A5F794F04DCE35E4)
    • SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp (PID: 7432 cmdline: "C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp" /SL5="$10408,29086952,780800,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe" MD5: C47A946F3D41363C77CA4C719516E49B)
      • prod0.exe (PID: 7912 cmdline: "C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe" -ip:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&is_silent=true&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&b=&se=true" -vp:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&oip=26&ptl=7&dta=true" -dp:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100" -i -v -d -se=true MD5: D1495CE1E0A925ADE7F92355F121DF16)
        • w0jpn3s4.exe (PID: 8084 cmdline: "C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe" /silent MD5: 6613E98A6EFF88810424C120EA6901E8)
          • UnifiedStub-installer.exe (PID: 8164 cmdline: .\UnifiedStub-installer.exe /silent MD5: C7FE1EB6A82B9FFAAF8DCA0D86DEF7CA)
            • rsSyncSvc.exe (PID: 7276 cmdline: "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10 MD5: CC7167823D2D6D25E121FC437AE6A596)
              • conhost.exe (PID: 5344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • saBSI.exe (PID: 7988 cmdline: "C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US MD5: 143255618462A577DE27286A272584E1)
      • WZSetup.exe (PID: 8072 cmdline: "C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe" /S /tpchannelid=1571 /distid=App123 MD5: 3C17F28CC001F6652377D3B5DEEC10F0)
        • WeatherZeroService.exe (PID: 2984 cmdline: "C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe" install MD5: 2B149BA4C21C66D34F19214D5A8D3067)
          • conhost.exe (PID: 316 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WeatherZeroService.exe (PID: 5336 cmdline: "C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe" start silent MD5: 2B149BA4C21C66D34F19214D5A8D3067)
          • conhost.exe (PID: 748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • CheatEngine75.exe (PID: 8148 cmdline: "C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST MD5: E0F666FE4FF537FB8587CCD215E41E5F)
        • CheatEngine75.tmp (PID: 6312 cmdline: "C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp" /SL5="$80060,26511452,832512,C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST MD5: 9AA2ACD4C96F8BA03BB6C3EA806D806F)
          • net.exe (PID: 7416 cmdline: "net" stop BadlionAntic MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
            • conhost.exe (PID: 7464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • net1.exe (PID: 7396 cmdline: C:\Windows\system32\net1 stop BadlionAntic MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
          • net.exe (PID: 1876 cmdline: "net" stop BadlionAnticheat MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
            • conhost.exe (PID: 616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • net1.exe (PID: 652 cmdline: C:\Windows\system32\net1 stop BadlionAnticheat MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
          • sc.exe (PID: 3656 cmdline: "sc" delete BadlionAntic MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
            • conhost.exe (PID: 1600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • sc.exe (PID: 604 cmdline: "sc" delete BadlionAnticheat MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
            • conhost.exe (PID: 1824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • _setup64.tmp (PID: 2016 cmdline: helper 105 0x84 MD5: E4211D6D009757C078A9FAC7FF4F03D4)
            • conhost.exe (PID: 1880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • icacls.exe (PID: 4712 cmdline: "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX) MD5: 48C87E3B3003A2413D6399EA77707F5D)
            • conhost.exe (PID: 2148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • Kernelmoduleunloader.exe (PID: 2296 cmdline: "C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP MD5: 9AF96706762298CF72DF2A74213494C9)
          • windowsrepair.exe (PID: 4984 cmdline: "C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s MD5: 9A4D1B5154194EA0C42EFEBEB73F318F)
          • icacls.exe (PID: 5324 cmdline: "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX) MD5: 48C87E3B3003A2413D6399EA77707F5D)
            • conhost.exe (PID: 2832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Cheat Engine.exe (PID: 3688 cmdline: "C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe" MD5: F921416197C2AE407D53BA5712C3930A)
        • cheatengine-x86_64-SSE4-AVX2.exe (PID: 6784 cmdline: "C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe" MD5: 910DE25BD63B5DA521FC0B598920C4EC)
  • svchost.exe (PID: 8032 cmdline: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • rsSyncSvc.exe (PID: 7016 cmdline: "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10 MD5: CC7167823D2D6D25E121FC437AE6A596)
  • Uninstall.exe (PID: 1704 cmdline: "C:\Program Files\ReasonLabs\EPP\Uninstall.exe" /auto-repair=UnifiedStub MD5: 8157D03D4CD74D7DF9F49555A04F4272)
    • Stub.exe (PID: 7480 cmdline: "C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe" /products=epp /auto-repair=UnifiedStub MD5: 6613E98A6EFF88810424C120EA6901E8)
      • UnifiedStub-installer.exe (PID: 6392 cmdline: .\UnifiedStub-installer.exe /products=epp /auto-repair=UnifiedStub MD5: C7FE1EB6A82B9FFAAF8DCA0D86DEF7CA)
  • WeatherZeroService.exe (PID: 4568 cmdline: "C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe" MD5: 2B149BA4C21C66D34F19214D5A8D3067)
    • WeatherZero.exe (PID: 7424 cmdline: "C:\Program Files (x86)\WeatherZero\WeatherZero.exe" /q=DF4E7397994EE5D86AD1C8FEEA899434 MD5: 7DC1C6AB3BF2DD1C825914F7F6F31B45)
      • csc.exe (PID: 7864 cmdline: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\f3ilhy3j.cmdline" MD5: 2B9482EB5D3AF71029277E18F6C656C0)
        • conhost.exe (PID: 6776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cvtres.exe (PID: 5360 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8926.tmp" "c:\Users\user\AppData\Local\Temp\CSC8925.tmp" MD5: E118330B4629B12368D91B9DF6488BE0)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsAtom.dll | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsLogger.dll | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsJSON.dll | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsJSON.dll | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsDatabase.dll | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0000002D.00000002.2145532575.0000027D000AD000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0000002D.00000002.2266490083.0000027D70272000.00000002.00000001.01000000.00000032.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0000000C.00000002.3880673463.00000171EE652000.00000002.00000001.01000000.00000035.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0000000C.00000002.3881479946.00000171EE762000.00000002.00000001.01000000.00000036.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
21.3.Stub.exe.2ea1058.3.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
10.3.w0jpn3s4.exe.2e89f48.3.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
12.2.UnifiedStub-installer.exe.171ee760000.1.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
12.2.UnifiedStub-installer.exe.171ee650000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
45.2.UnifiedStub-installer.exe.27d70270000.2.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

                                System Summary

                                Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Program Files (x86)\WeatherZero\WeatherZero.exe, ProcessId: 7424, TargetFilename: C:\Users\user\AppData\Local\Temp\f3ilhy3j.cmdline
                                Source: Process startedAuthor: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: "net" stop BadlionAntic, CommandLine: "net" stop BadlionAntic, CommandLine|base64offset|contains: ), Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp" /SL5="$80060,26511452,832512,C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST, ParentImage: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp, ParentProcessId: 6312, ParentProcessName: CheatEngine75.tmp, ProcessCommandLine: "net" stop BadlionAntic, ProcessId: 7416, ProcessName: net.exe
                                Source: Process startedAuthor: Jakob Weinzettl, oscd.community, Nasreddine Bencherchali (Nextron Systems): Data: Command: "net" stop BadlionAntic, CommandLine: "net" stop BadlionAntic, CommandLine|base64offset|contains: ), Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp" /SL5="$80060,26511452,832512,C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST, ParentImage: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp, ParentProcessId: 6312, ParentProcessName: CheatEngine75.tmp, ProcessCommandLine: "net" stop BadlionAntic, ProcessId: 7416, ProcessName: net.exe
                                Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager, CommandLine: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager, ProcessId: 8032, ProcessName: svchost.exe

                                Data Obfuscation

                                Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\f3ilhy3j.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\f3ilhy3j.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe, ParentCommandLine: "C:\Program Files (x86)\WeatherZero\WeatherZero.exe" /q=DF4E7397994EE5D86AD1C8FEEA899434, ParentImage: C:\Program Files (x86)\WeatherZero\WeatherZero.exe, ParentProcessId: 7424, ParentProcessName: WeatherZero.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\f3ilhy3j.cmdline", ProcessId: 7864, ProcessName: csc.exe
                                No Snort rule has matched
                                Timestamp:2024-07-28T00:27:09.914983+0200
                                SID:2803305
                                Source Port:49794
                                Destination Port:80
                                Protocol:TCP
                                Classtype:Unknown Traffic
                                Timestamp:2024-07-28T00:24:39.729731+0200
                                SID:2022930
                                Source Port:443
                                Destination Port:49716
                                Protocol:TCP
                                Classtype:A Network Trojan was detected
                                Timestamp:2024-07-28T00:25:45.629458+0200
                                SID:2803274
                                Source Port:49751
                                Destination Port:443
                                Protocol:TCP
                                Classtype:Potentially Bad Traffic
                                Timestamp:2024-07-28T00:24:39.490719+0200
                                SID:2053283
                                Source Port:49715
                                Destination Port:443
                                Protocol:TCP
                                Classtype:A Network Trojan was detected
                                Timestamp:2024-07-28T00:27:12.305621+0200
                                SID:2803305
                                Source Port:49794
                                Destination Port:80
                                Protocol:TCP
                                Classtype:Unknown Traffic
                                Timestamp:2024-07-28T00:25:47.368006+0200
                                SID:2803305
                                Source Port:49757
                                Destination Port:80
                                Protocol:TCP
                                Classtype:Unknown Traffic
                                Timestamp:2024-07-28T00:24:35.603984+0200
                                SID:2053283
                                Source Port:49713
                                Destination Port:443
                                Protocol:TCP
                                Classtype:A Network Trojan was detected
                                Timestamp:2024-07-28T00:25:04.841351+0200
                                SID:2053283
                                Source Port:49722
                                Destination Port:443
                                Protocol:TCP
                                Classtype:A Network Trojan was detected
                                Timestamp:2024-07-28T00:25:28.668087+0200
                                SID:2053283
                                Source Port:49750
                                Destination Port:443
                                Protocol:TCP
                                Classtype:A Network Trojan was detected
                                Timestamp:2024-07-28T00:27:11.118206+0200
                                SID:2803305
                                Source Port:49794
                                Destination Port:80
                                Protocol:TCP
                                Classtype:Unknown Traffic
                                Timestamp:2024-07-28T00:24:34.165315+0200
                                SID:2053283
                                Source Port:49712
                                Destination Port:443
                                Protocol:TCP
                                Classtype:A Network Trojan was detected
                                Timestamp:2024-07-28T00:24:36.741116+0200
                                SID:2053283
                                Source Port:49714
                                Destination Port:443
                                Protocol:TCP
                                Classtype:A Network Trojan was detected
                                Timestamp:2024-07-28T00:25:07.422940+0200
                                SID:2053283
                                Source Port:49724
                                Destination Port:443
                                Protocol:TCP
                                Classtype:A Network Trojan was detected
                                Timestamp:2024-07-28T00:25:18.037392+0200
                                SID:2022930
                                Source Port:443
                                Destination Port:49741
                                Protocol:TCP
                                Classtype:A Network Trojan was detected
                                Timestamp:2024-07-28T00:25:09.261956+0200
                                SID:2053283
                                Source Port:49727
                                Destination Port:443
                                Protocol:TCP
                                Classtype:A Network Trojan was detected
                                Timestamp:2024-07-28T00:25:46.479746+0200
                                SID:2803274
                                Source Port:49759
                                Destination Port:443
                                Protocol:TCP
                                Classtype:Potentially Bad Traffic
                                Timestamp:2024-07-28T00:25:48.664849+0200
                                SID:2803305
                                Source Port:49757
                                Destination Port:80
                                Protocol:TCP
                                Classtype:Unknown Traffic
                                Timestamp:2024-07-28T00:24:28.710730+0200
                                SID:2053280
                                Source Port:49708
                                Destination Port:443
                                Protocol:TCP
                                Classtype:A Network Trojan was detected
                                Timestamp:2024-07-28T00:24:30.158856+0200
                                SID:2053283
                                Source Port:49709
                                Destination Port:443
                                Protocol:TCP
                                Classtype:A Network Trojan was detected

                                AV Detection

                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exeAvira: detected
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exeReversingLabs: Detection: 47%
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_006214F0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CryptMsgGetParam,CertFreeCRLContext,CertFreeCRLContext,7_2_006214F0
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_006217A0 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptQueryObject,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,7_2_006217A0
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_005D5870 GetCurrentProcessId,GetCurrentThreadId,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,UuidCreate,UuidCreate,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,7_2_005D5870
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_005D6220 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,7_2_005D6220
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_0060E610 CryptMsgClose,7_2_0060E610
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_005D67B0 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,7_2_005D67B0
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_0060EB60 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptQueryObject,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,7_2_0060EB60
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_0060F150 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertFreeCRLContext,7_2_0060F150
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_0060F3C0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertGetNameStringW,CertGetNameStringW,CertGetCertificateChain,CertFreeCertificateChain,CertFreeCertificateChain,CertVerifyCertificateChainPolicy,CertFreeCertificateChain,CertFreeCRLContext,CertFreeCRLContext,7_2_0060F3C0
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 14_2_00007FF6E2D014A0 CryptQueryObject,GetLastError,CryptMsgGetParam,GetLastError,LocalAlloc,CryptMsgGetParam,GetLastError,CertFindCertificateInStore,GetLastError,CertGetNameStringW,CertGetNameStringW,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,14_2_00007FF6E2D014A0

                                Compliance

                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeDirectory created: C:\Program Files\ReasonLabs
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Stub
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-DPBO1.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-O5JBT.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-29O6E.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-E0HVD.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-VP31G.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-M1H65.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-FIS0L.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-TOELE.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-TN2EL.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-MMU2T.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-4MBNE.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-6B9AC.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-2V468.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-FVL3U.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-7F6JI.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-P0M9U.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-1R632.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\images
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\images\is-203EV.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\xml
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\xml\is-7H6HO.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\clibs32
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\clibs32\is-6GF3S.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\clibs64
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\clibs64\is-J9VJQ.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-ROMDO.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-3062O.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\32
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\32\is-SMGBV.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\64
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\64\is-92NR9.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-BO9E3.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\is-7C6BB.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-GVNPU.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-VLRG6.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-FVK1L.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-G2L49.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-V029I.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-LQITA.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-15NU9.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-C4IQ9.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-B19QJ.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-MPO1C.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-SDETK.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\is-SHOE4.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-VR3GO.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-D5CF5.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-MROTH.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-4OTKH.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-73TJP.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-RDFDD.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-EV9VL.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-ESUM8.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-4ATFF.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Common
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Common\is-01JMQ.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Common\is-MOO9Q.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-CV2G2.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-1ATJI.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-IFLQ7.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\is-QKA5O.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\is-8U0IN.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\is-46BJP.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\is-EFHQA.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\is-G4416.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\is-SQ72U.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\is-DS67S.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\is-BBPDR.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\is-0BMDT.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-KF0PG.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-95RBK.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-4N9VJ.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-9CC1K.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-2GR34.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-PE5UP.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-202E9.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-Q2NM4.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\is-Q0C0I.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-0HC52.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-IEPCM.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-K5294.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-62O6J.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-RLT67.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-R3J1H.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-7IOSD.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-1EOTV.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-UEFE1.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-RVN7J.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\Properties
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\Properties\is-34QLM.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release\is-MV23D.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-RKUC8.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-QC7DK.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-TF6UO.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-SP87M.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-JE8KI.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-5DKMA.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-23B5A.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-3Q6FH.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-67DUQ.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-IKLOG.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-M3GR5.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-SN4JM.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-JRD6M.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-NRSUS.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-FNBM0.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-S3T0U.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-MI2BU.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-G2E86.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp Directory created: C:\Program Files\Cheat Engine 7.5\unins000.msg
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\server.txt
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ReasonLabs-EPP
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\UnifiedStub-installer.exe.log
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe Static PE information: certificate valid
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                Source: Binary string: UxTheme.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2114151959.0000000008543000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wininet.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2073007124.00000000086C3000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wininet.pdb0 source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2073007124.00000000086C3000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\git\cheat-engine\Cheat Engine\bin\tcc64-64.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2103673109.00000000089B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\git\cheat-engine\Cheat Engine\bin\tcc64-64.pdb0 source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2103673109.00000000089B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: msvcrt.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2045363199.00000000073E6000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: psapi.pdb0 source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2065979973.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: comctl32.pdb0 source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2057668772.0000000007E22000.00000004.00000020.00020000.00000000.sdmp, cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2082174376.0000000007E22000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\rsSyncSvc\rsSyncSvc\x64\Release\rsSyncSvc.pdb< source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, rsSyncSvc.exe, 0000000E.00000000.1827291162.00007FF6E2D97000.00000002.00000001.01000000.00000019.sdmp, rsSyncSvc.exe, 0000000E.00000002.1831277656.00007FF6E2D97000.00000002.00000001.01000000.00000019.sdmp, rsSyncSvc.exe, 00000010.00000002.3797829292.00007FF6E2D97000.00000002.00000001.01000000.00000019.sdmp, rsSyncSvc.exe, 00000010.00000000.1828808226.00007FF6E2D97000.00000002.00000001.01000000.00000019.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: shcore.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2045363199.000000000740A000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net452\Microsoft.Win32.TaskScheduler.pdbSHA256 source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000000C.00000002.3883868948.00000171EEA42000.00000002.00000001.01000000.00000037.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: dbghelp.pdb0 source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2145683741.0000000008BC8000.00000004.00000020.00020000.00000000.sdmp, cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2114356638.0000000008BC8000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: XInput1_4.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2170265805.0000000007CDB000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: rsDatabase.pdb source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: UxTheme.pdb0 source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2114151959.0000000008543000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\rsStubActivator\rsStubActivator\rsStubActivator\obj\Release\net462\rsStubActivator.pdb$1>1 01_CorExeMainmscoree.dll source: prod0.exe, 00000006.00000000.1745066555.0000025F09762000.00000002.00000001.01000000.0000000E.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp, saBSI.exe, 00000007.00000000.1773082379.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                Source: Binary string: WLDP.pdb0 source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2138322273.0000000008AA3000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb@ source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: propsys.pdb0 source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2126017494.0000000008AFE000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net452\Microsoft.Win32.TaskScheduler.pdb source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000000C.00000002.3883868948.00000171EEA42000.00000002.00000001.01000000.00000037.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: D:\a\rsSyncSvc\rsSyncSvc\x64\Release\rsSyncSvc.pdb source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, rsSyncSvc.exe, 0000000E.00000000.1827291162.00007FF6E2D97000.00000002.00000001.01000000.00000019.sdmp, rsSyncSvc.exe, 0000000E.00000002.1831277656.00007FF6E2D97000.00000002.00000001.01000000.00000019.sdmp, rsSyncSvc.exe, 00000010.00000002.3797829292.00007FF6E2D97000.00000002.00000001.01000000.00000019.sdmp, rsSyncSvc.exe, 00000010.00000000.1828808226.00007FF6E2D97000.00000002.00000001.01000000.00000019.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: gdi32full.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2049294988.00000000073DB000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: win32u.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2057236647.0000000007246000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: bcryptprimitives.pdb0 source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2093285844.000000000884B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: dbghelp.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2145683741.0000000008BC8000.00000004.00000020.00020000.00000000.sdmp, cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2114356638.0000000008BC8000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: imm32.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2072779544.00000000073FE000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wsock32.pdb0 source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2054994070.0000000007E28000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: rsAtom.pdb source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000000C.00000002.3881479946.00000171EE762000.00000002.00000001.01000000.00000036.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: opengl32.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2072459344.0000000007E1C000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: ws2_32.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2063702992.0000000007D4F000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: WLDP.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2138322273.0000000008AA3000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\rsStubActivator\rsStubActivator\rsStubActivator\obj\Release\net462\rsStubActivator.pdb source: prod0.exe, 00000006.00000000.1745066555.0000025F09762000.00000002.00000001.01000000.0000000E.sdmp
                                Source: Binary string: rsTime.pdb source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: imm32.pdb0 source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2072779544.00000000073FE000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: sechost.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2051458226.00000000073EC000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: propsys.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2126017494.0000000008AFE000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: gdi32full.pdb0 source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2049294988.00000000073DB000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\rsStub\rsStub\rsStubLib\obj\Release\rsStubLib.pdb source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000002D.00000002.2263241058.0000027D6EA72000.00000002.00000001.01000000.00000031.sdmp
                                Source: Binary string: ole32.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2067473100.00000000073F8000.00000004.00000020.00020000.00000000.sdmp, cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2072779544.00000000073F8000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: version.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2071978305.0000000007E16000.00000004.00000020.00020000.00000000.sdmp, cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2082174376.0000000007E16000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: user32.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2050941437.0000000007240000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netfx\System.ValueTuple.pdb source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: psapi.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2065979973.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: opengl32.pdb0 source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2072459344.0000000007E1C000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\rsStub\rsStub\ArchiveUtility\bin\Release\x64\ArchiveUtility.pdb source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: D:\a\rsStub\rsStub\UnifiedStub\obj\Release\UnifiedStub.pdb source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000000C.00000000.1805305245.00000171EC042000.00000002.00000001.01000000.00000017.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: hhctrl.pdb0 source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2093285844.0000000008669000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: bcryptprimitives.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2093285844.000000000884B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: Windows.Storage.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2131002321.0000000008A11000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: ws2_32.pdb0 source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2063702992.0000000007D4F000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: hhctrl.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2093285844.0000000008669000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: added an option to skip loading .PDB files source: CheatEngine75.exe, 0000000B.00000003.1980465629.0000000002318000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1805063849.0000000002530000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000D.00000003.1972295221.00000000024C7000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000D.00000003.1969188017.0000000000B34000.00000004.00000020.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000D.00000003.1968925907.0000000000B5E000.00000004.00000020.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000D.00000003.1827713818.00000000034C0000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000D.00000003.1970251372.00000000037B1000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: rsLogger.pdb source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000002D.00000002.2145532575.0000027D000AD000.00000004.00000800.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000002D.00000002.2266490083.0000027D70272000.00000002.00000001.01000000.00000032.sdmp
                                Source: Binary string: ole32.pdb0 source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2067473100.00000000073F8000.00000004.00000020.00020000.00000000.sdmp, cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2072779544.00000000073F8000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\rsStub\rsStub\rsStubRunner\rsStubRunner\bin\Release\x64\rsStubRunner.pdb source: w0jpn3s4.exe, 0000000A.00000003.1804261457.000000000327E000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1803353936.0000000002A10000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1804261457.000000000323D000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1803542721.0000000002BD0000.00000004.00001000.00020000.00000000.sdmp, Uninstall.exe, 00000012.00000000.1832523889.00007FF7FCFE6000.00000002.00000001.01000000.0000001A.sdmp, Uninstall.exe, 00000012.00000002.1837658378.00007FF7FCFE6000.00000002.00000001.01000000.0000001A.sdmp, Stub.exe, 00000015.00000003.1999744155.0000000002BC0000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.1999338001.0000000002A00000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.000000000326E000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.000000000322D000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: shcore.pdb0 source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2045363199.000000000740A000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: rsJSON.pdb source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000000C.00000002.3880673463.00000171EE652000.00000002.00000001.01000000.00000035.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: version.pdb0 source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2071978305.0000000007E16000.00000004.00000020.00020000.00000000.sdmp, cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2082174376.0000000007E16000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: rsLogger.pdbx source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000002D.00000002.2145532575.0000027D000AD000.00000004.00000800.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000002D.00000002.2266490083.0000027D70272000.00000002.00000001.01000000.00000032.sdmp
                                Source: Binary string: comctl32.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2057668772.0000000007E22000.00000004.00000020.00020000.00000000.sdmp, cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2082174376.0000000007E22000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wsock32.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2054994070.0000000007E28000.00000004.00000020.00020000.00000000.sdmp
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_00659BF0 FindFirstFileExW,7_2_00659BF0
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeCode function: 9_2_00405A19 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,9_2_00405A19
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeCode function: 9_2_004065CE FindFirstFileA,FindClose,9_2_004065CE
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeCode function: 9_2_004027AA FindFirstFileA,9_2_004027AA
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeCode function: 10_2_00404EC1 FindFirstFileW,10_2_00404EC1
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exeCode function: 18_2_00007FF7FCFDCA9C FindFirstFileExW,18_2_00007FF7FCFDCA9C
                                Source: C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exeCode function: 40_2_00417980 CreateFileW,DeviceIoControl,FindFirstFileExW,FindClose,SetLastError,SetLastError,40_2_00417980
                                Source: C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exeCode function: 40_2_00417E10 FindFirstFileExW,FindClose,40_2_00417E10
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpFile opened: C:\Users\user\AppData\LocalJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpFile opened: C:\Users\user\AppDataJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmpJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extractJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpFile opened: C:\Users\userJump to behavior

                                Networking

                                Source: Yara matchFile source: 48.0.WeatherZero.exe.ac0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 10.3.w0jpn3s4.exe.2e89f48.3.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 21.3.Stub.exe.2e79f48.8.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: C:\Program Files (x86)\WeatherZero\WeatherZero.exe, type: DROPPED
                                Source: global trafficHTTP traffic detected: GET /ReasonLabs-Setup-Wizard.exe?dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&is_silent=true&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&b=&se=true&oip=26&ptl=7&dta=true&pds=%5bepp%2cvpn%2cdns%5d HTTP/1.1Host: shield.reasonsecurity.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Accept: application/jsonContent-Type: application/json; charset=utf-8Host: track.analytics-data.ioContent-Length: 1905Expect: 100-continueConnection: Close
                                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Accept: application/jsonContent-Type: application/json; charset=utf-8Host: track.analytics-data.ioContent-Length: 1954Expect: 100-continueConnection: Close
                                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Accept: application/jsonContent-Type: application/json; charset=utf-8Host: track.analytics-data.ioContent-Length: 1923Expect: 100-continueConnection: Close
                                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Accept: application/jsonContent-Type: application/json; charset=utf-8Host: track.analytics-data.ioContent-Length: 1953Expect: 100-continueConnection: Close
                                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Accept: application/jsonContent-Type: application/json; charset=utf-8Host: track.analytics-data.ioContent-Length: 1935Expect: 100-continueConnection: Close
                                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Accept: application/jsonContent-Type: application/json; charset=utf-8Host: track.analytics-data.ioContent-Length: 1905Expect: 100-continueConnection: Close
                                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Accept: application/jsonContent-Type: application/json; charset=utf-8Host: track.analytics-data.ioContent-Length: 1934Expect: 100-continueConnection: Close
                                Source: global trafficHTTP traffic detected: GET /data/2.5/weather?zip=10123,us&units=imperial&appid=70297443c6fd8391e3fc4b7b0d344ae5 HTTP/1.1Host: api.openweathermap.orgConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /data/2.5/weather?zip=10123,us&units=imperial&appid=70297443c6fd8391e3fc4b7b0d344ae5 HTTP/1.1Host: api.openweathermap.org
                                Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
                                Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
                                Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                                Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                                Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                                Source: unknownDNS query: name: ip-api.com
Source: global traffic | HTTP traffic detected: POST /o HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/json; Charset=UTF-8 | Accept: */* | User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | Content-Length: 125 | Host: d3cored83b0wp2.cloudfront.net
Source: global traffic | HTTP traffic detected: POST /zbd HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/json; Charset=UTF-8 | Accept: */* | Authorization: Signature=e0352f7c5ed3c1f9773e13e888c3d3327e9b930d88959235e161efa7ecf6d460 | User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | Content-Length: 276 | Host: d3cored83b0wp2.cloudfront.net
Source: global traffic | HTTP traffic detected: POST /zbd HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/json; Charset=UTF-8 | Accept: */* | Authorization: Signature=e0352f7c5ed3c1f9773e13e888c3d3327e9b930d88959235e161efa7ecf6d460 | User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | Content-Length: 352 | Host: d3cored83b0wp2.cloudfront.net
Source: global traffic | HTTP traffic detected: POST /zbd HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/json; Charset=UTF-8 | Accept: */* | Authorization: Signature=e0352f7c5ed3c1f9773e13e888c3d3327e9b930d88959235e161efa7ecf6d460 | User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | Content-Length: 339 | Host: d3cored83b0wp2.cloudfront.net
Source: global traffic | HTTP traffic detected: POST /zbd HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/json; Charset=UTF-8 | Accept: */* | Authorization: Signature=e0352f7c5ed3c1f9773e13e888c3d3327e9b930d88959235e161efa7ecf6d460 | User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | Content-Length: 344 | Host: d3cored83b0wp2.cloudfront.net
Source: global traffic | HTTP traffic detected: POST /zbd HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/json; Charset=UTF-8 | Accept: */* | Authorization: Signature=e0352f7c5ed3c1f9773e13e888c3d3327e9b930d88959235e161efa7ecf6d460 | User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | Content-Length: 334 | Host: d3cored83b0wp2.cloudfront.net
Source: global traffic | HTTP traffic detected: POST /zbd HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/json; Charset=UTF-8 | Accept: */* | Authorization: Signature=e0352f7c5ed3c1f9773e13e888c3d3327e9b930d88959235e161efa7ecf6d460 | User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | Content-Length: 353 | Host: d3cored83b0wp2.cloudfront.net
Source: global traffic | HTTP traffic detected: POST /zbd HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/json; Charset=UTF-8 | Accept: */* | Authorization: Signature=e0352f7c5ed3c1f9773e13e888c3d3327e9b930d88959235e161efa7ecf6d460 | User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | Content-Length: 355 | Host: d3cored83b0wp2.cloudfront.net
Source: global traffic | HTTP traffic detected: POST /zbd HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/json; Charset=UTF-8 | Accept: */* | Authorization: Signature=e0352f7c5ed3c1f9773e13e888c3d3327e9b930d88959235e161efa7ecf6d460 | User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | Content-Length: 343 | Host: d3cored83b0wp2.cloudfront.net
Source: global traffic | HTTP traffic detected: POST /zbd HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/json; Charset=UTF-8 | Accept: */* | Authorization: Signature=e0352f7c5ed3c1f9773e13e888c3d3327e9b930d88959235e161efa7ecf6d460 | User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | Content-Length: 298 | Host: d3cored83b0wp2.cloudfront.net
Source: global traffic | HTTP traffic detected: GET /json/ HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 | Host: ip-api.com | Connection: Keep-Alive
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe | Code function: 14_2_00007FF6E2D0FAA0 URLDownloadToFileA,14_2_00007FF6E2D0FAA0
Source: global traffic | HTTP traffic detected: GET /f/RAV_Triple_NCB/images/DOTPS-855/EN.png HTTP/1.1 | Connection: Keep-Alive | User-Agent: Inno Setup 6.1.2 | Host: d3cored83b0wp2.cloudfront.net
Source: global traffic | HTTP traffic detected: GET /f/WebAdvisor/images/943/EN.png HTTP/1.1 | Connection: Keep-Alive | User-Agent: Inno Setup 6.1.2 | Host: d3cored83b0wp2.cloudfront.net
Source: global traffic | HTTP traffic detected: GET /f/WeatherZero/images/969/EN.png HTTP/1.1 | Connection: Keep-Alive | User-Agent: Inno Setup 6.1.2 | Host: d3cored83b0wp2.cloudfront.net
Source: global traffic | HTTP traffic detected: GET /rsStubActivator.exe HTTP/1.1 | Connection: Keep-Alive | User-Agent: Inno Setup 6.1.2 | Host: shield.reasonsecurity.com
Source: global traffic | HTTP traffic detected: GET /f/WebAdvisor/files/1489/saBSI.zip HTTP/1.1 | Connection: Keep-Alive | User-Agent: Inno Setup 6.1.2 | Host: d3cored83b0wp2.cloudfront.net
Source: global traffic | HTTP traffic detected: GET /f/WeatherZero/files/969/WZSetup.zip HTTP/1.1 | Connection: Keep-Alive | User-Agent: Inno Setup 6.1.2 | Host: d3cored83b0wp2.cloudfront.net
Source: global traffic | HTTP traffic detected: GET /ReasonLabs-Setup-Wizard.exe?dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&is_silent=true&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&b=&se=true&oip=26&ptl=7&dta=true&pds=%5bepp%2cvpn%2cdns%5d HTTP/1.1 | Host: shield.reasonsecurity.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /cesharelist.txt HTTP/1.1 | User-Agent: Cheat Engine 7.5 : luascript-ceshare | Host: cheatengine.org
Source: global traffic | HTTP traffic detected: GET /latestversion.txt HTTP/1.1 | User-Agent: Cheat Engine 7.5 : luascript-CEVersionCheck | Host: cheatengine.org
Source: global traffic | HTTP traffic detected: GET /data/2.5/weather?zip=10123,us&units=imperial&appid=70297443c6fd8391e3fc4b7b0d344ae5 HTTP/1.1 | Host: api.openweathermap.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /data/2.5/weather?zip=10123,us&units=imperial&appid=70297443c6fd8391e3fc4b7b0d344ae5 HTTP/1.1 | Host: api.openweathermap.org
Source: global traffic | DNS traffic detected: DNS query: d3cored83b0wp2.cloudfront.net
Source: global traffic | DNS traffic detected: DNS query: shield.reasonsecurity.com
Source: global traffic | DNS traffic detected: DNS query: analytics.apis.mcafee.com
Source: global traffic | DNS traffic detected: DNS query: sadownload.mcafee.com
Source: global traffic | DNS traffic detected: DNS query: localweatherfree.com
Source: global traffic | DNS traffic detected: DNS query: track.analytics-data.io
Source: global traffic | DNS traffic detected: DNS query: cheatengine.org
Source: global traffic | DNS traffic detected: DNS query: ip-api.com
Source: global traffic | DNS traffic detected: DNS query: api.openweathermap.org
Source: unknown | HTTP traffic detected: POST /o HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/json; Charset=UTF-8 | Accept: */* | User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | Content-Length: 125 | Host: d3cored83b0wp2.cloudfront.net
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1997514630.0000000006BB7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1786984293.000000000B71E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1997514630.0000000006BB7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1786984293.000000000B71E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
                                Source: saBSI.exe, 00000007.00000003.2203216807.00000000056FF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2202320592.00000000056FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/
                                Source: saBSI.exe, 00000007.00000003.2316479568.000000000333C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2330985344.000000000333C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                                Source: saBSI.exe, 00000007.00000002.2330985344.00000000032EF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316479568.00000000032EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                                Source: saBSI.exe, 00000007.00000002.2332042305.0000000005690000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2330985344.00000000032EF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316479568.00000000032EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?9effd31ce7a5d
                                Source: saBSI.exe, 00000007.00000002.2331377609.000000000335B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316353934.0000000003356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabl
                                Source: prod0.exe, 00000006.00000002.3803291905.0000025F0B534000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://d14mh4uvqj4iiz.cloudfront.net
                                Source: WeatherZero.exe, 00000030.00000002.3806020572.00000000033F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/Weather.Zero;component/Fonts/UltLt/X
                                Source: WeatherZero.exe, 00000030.00000002.3806020572.00000000033F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/Weather.Zero;component/Fonts/UltLt/helveticaneueltstd-ultlt.otf
                                Source: WeatherZero.exe, 00000030.00000002.3806020572.00000000033F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/Weather.Zero;component/X
                                Source: CheatEngine75.tmp, 0000000D.00000003.1951553648.00000000050D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/odf#ContentFile
                                Source: CheatEngine75.tmp, 0000000D.00000003.1951553648.00000000050D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/odf#StylesFile
                                Source: CheatEngine75.tmp, 0000000D.00000003.1951553648.00000000050D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/pkg#
                                Source: CheatEngine75.tmp, 0000000D.00000003.1951553648.00000000050D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/pkg#Document
                                Source: WeatherZero.exe, 00000030.00000002.3806020572.00000000033F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Fonts/UltLt/helveticaneueltstd-ultlt.otf
                                Source: WeatherZero.exe, 00000030.00000002.3806020572.00000000033F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/fonts/ultlt/helveticaneueltstd-ultlt.otf
                                Source: WeatherZero.exe, 00000030.00000002.3806020572.00000000033F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com
                                Source: WeatherZero.exe, 00000030.00000002.3806020572.00000000033F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/
                                Source: WZSetup.exe, WZSetup.exe, 00000009.00000003.1944373884.0000000002941000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 00000009.00000002.1947357015.000000000040A000.00000004.00000001.01000000.00000011.sdmp, WZSetup.exe, 00000009.00000000.1790821081.000000000040A000.00000008.00000001.01000000.00000011.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
                                Source: WZSetup.exe, 00000009.00000003.1944373884.0000000002941000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 00000009.00000002.1947357015.000000000040A000.00000004.00000001.01000000.00000011.sdmp, WZSetup.exe, 00000009.00000000.1790821081.000000000040A000.00000008.00000001.01000000.00000011.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1997514630.0000000006BB7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1786984293.000000000B71E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                                Source: w0jpn3s4.exe, 0000000A.00000003.1804261457.000000000327E000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1803353936.0000000002A10000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1804261457.000000000323D000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1803542721.0000000002BD0000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.1999744155.0000000002BC0000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.1999338001.0000000002A00000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.000000000326E000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.000000000322D000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000002D.00000002.2267666962.0000027D70BB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1997514630.0000000006BB7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1784486317.0000000006BB6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1786984293.000000000B71E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1768392286.0000000005083000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1770837207.0000000005084000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2204981308.0000000005CD6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2333265258.0000000005D11000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2212092803.0000000005E10000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2212307866.0000000005E10000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2181578860.0000000005A0B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2333121810.0000000005BD0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2213739178.0000000005C94000.00000004.00000020.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1804261457.000000000327E000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1803353936.0000000002A10000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1804261457.000000000323D000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1803542721.0000000002BD0000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 
0000000C.00000002.3877842721.00000171EE556000.00000004.00000020.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.1999744155.0000000002BC0000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.1999338001.0000000002A00000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1997514630.0000000006BB7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1784486317.0000000006BB6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1786984293.000000000B71E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1768392286.0000000005083000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1770837207.0000000005084000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1788780217.000000000B72D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2204981308.0000000005CD6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2212092803.0000000005E10000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2209800750.0000000005CD7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2212307866.0000000005E10000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2181578860.0000000005A0B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2333176448.0000000005C12000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2206880037.0000000005CD7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2213739178.0000000005C94000.00000004.00000020.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1804261457.000000000327E000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1803353936.0000000002A10000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 
0000000A.00000003.1804261457.000000000323D000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1803542721.0000000002BD0000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.1999744155.0000000002BC0000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.1999338001.0000000002A00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1997514630.0000000006BB7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1784486317.0000000006BB6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1786984293.000000000B71E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1768392286.0000000005083000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2204981308.0000000005CD6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2333265258.0000000005D11000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2212092803.0000000005E10000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2212307866.0000000005E10000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2181578860.0000000005A0B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2333121810.0000000005BD0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316438520.00000000056A2000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2332042305.00000000056A2000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316238850.00000000056A2000.00000004.00000020.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1804261457.000000000327E000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1803353936.0000000002A10000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1804261457.000000000323D000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 
0000000A.00000003.1803542721.0000000002BD0000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.1999744155.0000000002BC0000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.1999338001.0000000002A00000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2099515976.000000000018E000.00000004.00000010.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1806341235.0000000002628000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1809685937.000000007FE24000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000D.00000002.1976317481.000000000018F000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1784486317.0000000006BB6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1768392286.0000000005083000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2099515976.000000000018E000.00000004.00000010.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2214066009.000000000570A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2214801931.000000000570B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2210371456.000000000570B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2181578860.0000000005A0B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2205729148.000000000570A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2209471725.000000000570A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2332506710.0000000005749000.00000004.00000020.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1806341235.0000000002628000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1809685937.000000007FE24000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1784486317.0000000006BB6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1768392286.0000000005083000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2099515976.000000000018E000.00000004.00000010.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2210371456.000000000570B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2330985344.00000000032EF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2181578860.0000000005A0B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2205729148.000000000570A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2209471725.000000000570A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316479568.00000000032EC000.00000004.00000020.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1806341235.0000000002628000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1809685937.000000007FE24000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000D.00000002.1976317481.000000000018F000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
                                Source: CheatEngine75.exe, 0000000B.00000003.1806341235.0000000002628000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1809685937.000000007FE24000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/rootr103
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2099515976.000000000018E000.00000004.00000010.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1806341235.0000000002628000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1809685937.000000007FE24000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/rootr30;
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1997514630.0000000006BB7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1786984293.000000000B71E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2099515976.000000000018E000.00000004.00000010.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1806341235.0000000002628000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1809685937.000000007FE24000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000D.00000002.1976317481.000000000018F000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2099515976.000000000018E000.00000004.00000010.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1806341235.0000000002628000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1809685937.000000007FE24000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000D.00000002.1976317481.000000000018F000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr606
                                Source: WeatherZero.exe, 00000030.00000002.3806020572.00000000033F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                                Source: WeatherZero.exe, 00000030.00000002.3806020572.00000000033F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/WeatherZero.Weather
                                Source: WeatherZero.exe, 00000030.00000002.3806020572.00000000033F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/dS~j
                                Source: prod0.exe, 00000006.00000002.3803291905.0000025F0B441000.00000004.00000800.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000000C.00000002.3798654069.000001718002C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                Source: WeatherZero.exe, 00000030.00000002.3806020572.00000000033F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1784486317.0000000006BB6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1768392286.0000000005083000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2099515976.000000000018E000.00000004.00000010.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2214066009.000000000570A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2214801931.000000000570B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2210371456.000000000570B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2181578860.0000000005A0B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2205729148.000000000570A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2209471725.000000000570A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2332506710.0000000005749000.00000004.00000020.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1806341235.0000000002628000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1809685937.000000007FE24000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1784486317.0000000006BB6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1768392286.0000000005083000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2099515976.000000000018E000.00000004.00000010.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2210371456.000000000570B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2330985344.00000000032EF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2181578860.0000000005A0B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2205729148.000000000570A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2209471725.000000000570A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316479568.00000000032EC000.00000004.00000020.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1806341235.0000000002628000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1809685937.000000007FE24000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000D.00000002.1976317481.000000000018F000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2099515976.000000000018E000.00000004.00000010.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1806341235.0000000002628000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1809685937.000000007FE24000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000D.00000002.1976317481.000000000018F000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2099515976.000000000018E000.00000004.00000010.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1806341235.0000000002628000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1809685937.000000007FE24000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
                                Source: prod0.exe, 00000006.00000002.3803291905.0000025F0B534000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://shield.reasonsecurity.com
                                Source: CheatEngine75.tmp, 0000000D.00000003.1951553648.00000000050D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
                                Source: CheatEngine75.tmp, 0000000D.00000003.1951553648.00000000050D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://wiki.lazarus.freepascal.org/fpvectorial)
                                Source: w0jpn3s4.exe, 0000000A.00000003.1804261457.000000000327E000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1803353936.0000000002A10000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1804261457.000000000323D000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1803542721.0000000002BD0000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000000C.00000002.3877842721.00000171EE556000.00000004.00000020.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.1999744155.0000000002BC0000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.1999338001.0000000002A00000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.000000000326E000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.000000000322D000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000002D.00000002.2267666962.0000027D70BB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                                Source: saBSI.exe, 00000007.00000003.1800056272.0000000003301000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1811110324.00000000032F1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1813652876.00000000032BB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1799821675.00000000032F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/
                                Source: saBSI.exe, 00000007.00000003.1800056272.0000000003301000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1799821675.00000000032F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/J~
                                Source: saBSI.exeString found in binary or memory: https://sadownload.mcafee.com/products/SA/
                                Source: saBSI.exe, 00000007.00000003.1853961903.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2330985344.00000000032EF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1846283210.00000000032E8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1811110324.00000000032EA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316479568.00000000032EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml
                                Source: saBSI.exe, 00000007.00000003.1848881136.0000000003356000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2331377609.000000000335B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316353934.0000000003356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml/
                                Source: saBSI.exe, 00000007.00000003.1853961903.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1846283210.00000000032E8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1811110324.00000000032EA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316479568.00000000032EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml
                                Source: saBSI.exe, 00000007.00000003.1848881136.0000000003356000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316353934.0000000003356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml/
                                Source: saBSI.exe, 00000007.00000003.2316479568.000000000333C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2332042305.0000000005680000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2330985344.000000000333C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml
                                Source: saBSI.exe, 00000007.00000003.1845731860.0000000005698000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml/
                                Source: saBSI.exe, 00000007.00000003.1847129818.000000000333C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xmly
                                Source: saBSI.exe, 00000007.00000003.2316479568.00000000032EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml
                                Source: saBSI.exe, 00000007.00000003.1848881136.0000000003356000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316353934.0000000003356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml/
                                Source: saBSI.exe, 00000007.00000003.2316479568.000000000333C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2330985344.000000000333C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xmly
                                Source: saBSI.exe, 00000007.00000003.1853961903.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1846283210.00000000032E8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1811110324.00000000032EA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316479568.00000000032EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml
                                Source: saBSI.exe, 00000007.00000003.1848881136.0000000003356000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316353934.0000000003356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml/
                                Source: saBSI.exe, 00000007.00000003.1853961903.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1846283210.00000000032E8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316153316.00000000056A9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1954864080.00000000056A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1811110324.00000000032EA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1943924009.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316479568.00000000032EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml
                                Source: saBSI.exe, 00000007.00000003.1848881136.0000000003356000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316153316.00000000056BE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1954864080.00000000056BE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2315784248.00000000056BE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1943924009.00000000056BE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316353934.0000000003356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml/
                                Source: saBSI.exe, saBSI.exe, 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp, saBSI.exe, 00000007.00000003.1800056272.0000000003301000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000000.1773082379.000000000067E000.00000002.00000001.01000000.00000010.sdmp, saBSI.exe, 00000007.00000003.1811110324.00000000032F1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316479568.000000000333C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1813652876.00000000032CF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1799821675.00000000032F1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2330985344.000000000333C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_main.xml
                                Source: saBSI.exe, 00000007.00000003.1799680769.0000000003302000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1800056272.0000000003301000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1811110324.00000000032F1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1846283210.00000000032F1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1799821675.00000000032F1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316479568.00000000032EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_main.xmlKtm
                                Source: saBSI.exe, 00000007.00000003.1846283210.00000000032F1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1811110324.00000000032EA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316479568.00000000032EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml
                                Source: saBSI.exe, 00000007.00000003.1848881136.0000000003356000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316353934.0000000003356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml/
                                Source: saBSI.exe, 00000007.00000003.1846283210.00000000032F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xmlT
                                Source: saBSI.exe, 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp, saBSI.exe, 00000007.00000000.1773082379.000000000067E000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/UPDATER_VERSIONaffidosplatSELF_UPDATE_ALLOWEDMAIN_XMLSTORE
                                Source: saBSI.exe, saBSI.exe, 00000007.00000002.2330985344.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json
                                Source: saBSI.exe, 00000007.00000002.2330985344.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonps;PAT
                                Source: saBSI.exe, 00000007.00000003.2316153316.00000000056A9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1954864080.00000000056A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1943924009.00000000056A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi
                                Source: saBSI.exe, 00000007.00000003.2316153316.00000000056BE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1954864080.00000000056BE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2315784248.00000000056BE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1943924009.00000000056BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/
                                Source: saBSI.exe, 00000007.00000003.2316479568.00000000032EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml
                                Source: saBSI.exe, 00000007.00000003.1848881136.0000000003356000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2331377609.000000000335B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316353934.0000000003356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml/
                                Source: saBSI.exe, 00000007.00000002.2330985344.00000000032EF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316479568.00000000032EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/binary
                                Source: saBSI.exe, 00000007.00000002.2330985344.00000000032EF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316479568.00000000032EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/914/64/installer.exem
                                Source: saBSI.exe, 00000007.00000002.2330985344.00000000032EF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316479568.00000000032EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/update/post_install.xml
                                Source: saBSI.exe, 00000007.00000003.2316479568.000000000333C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2330985344.000000000333C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/update/post_install.xmlE
                                Source: saBSI.exe, 00000007.00000002.2330985344.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa
                                Source: saBSI.exe, 00000007.00000002.2330985344.00000000032EF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316438520.00000000056A2000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1954864080.00000000056A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1943924009.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2332042305.00000000056A2000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316238850.00000000056A2000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316479568.00000000032EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa/bsi/win/binary
                                Source: saBSI.exe, 00000007.00000003.2316153316.00000000056BE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1954864080.00000000056BE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2315784248.00000000056BE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1943924009.00000000056BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa/bsi/win/binary/
                                Source: saBSI.exe, 00000007.00000003.2185215382.00000000056E1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1944844882.00000000056E0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2185215382.00000000056F4000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1943924009.00000000056DF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1954762876.00000000056F4000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1943924009.00000000056F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa/v1/pc/partner_custom_vars.xml
                                Source: saBSI.exe, 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp, saBSI.exe, 00000007.00000000.1773082379.000000000067E000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/saUPDATER_URLupdater.exeWebAdvisor_Updaterheron_hostthreat.ap
                                Source: saBSI.exe, 00000007.00000003.2316438520.00000000056A2000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316238850.00000000056A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com:443/products/SA/v1/update/post_install.xmltps://sadownload.mcafee.com/
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1997514630.0000000006BB7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1786984293.000000000B71E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
                                Source: prod0.exe, 00000006.00000002.3803291905.0000025F0B51C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com
                                Source: prod0.exe, 00000006.00000002.3803291905.0000025F0B441000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/
                                Source: prod0.exe, 00000006.00000000.1745066555.0000025F09762000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://shield.reasonsecurity.com/7ReasonLabs-Setup-Wizard.exe
                                Source: prod0.exe, 00000006.00000002.3803291905.0000025F0B441000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-Setup-Wizard.exe
                                Source: prod0.exe, 00000006.00000002.3803291905.0000025F0B51C000.00000004.00000800.00020000.00000000.sdmp, prod0.exe, 00000006.00000002.3803291905.0000025F0B441000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-Setup-Wizard.exe?dui=9e146be9-c76a-4720-bcdb-53011b87bd
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1768392286.0000000005024000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2027122872.0000000004FB2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2052933684.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2026670671.0000000005024000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1789180727.0000000005024000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1787607047.0000000005024000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2031461118.0000000005024000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1768392286.0000000004FB4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1769884377.0000000005024000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1516870226.0000000004FBC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1543457419.0000000004FBC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2112651098.0000000004FB4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1477554587.0000000004FBC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 
00000002.00000002.2102220973.00000000008F0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1771990181.0000000005024000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1437926052.0000000004FBB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2113782558.0000000005024000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/rsStubActivator.exe
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2026670671.0000000005052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/rsStubActivator.exe9235e161efa7ecf6d460
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2114097581.0000000005074000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2075355191.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2026670671.0000000005052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/rsStubActivator.exeJ
                                Source: prod0.exe, 00000006.00000002.3803291905.0000025F0B441000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com:443/ReasonLabs-Setup-Wizard.exe?dui=9e146be9-c76a-4720-bcdb-53011b
                                Source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://system.data.sqlite.org/
                                Source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://system.data.sqlite.org/X
                                Source: UnifiedStub-installer.exe, 0000000C.00000002.3798654069.000001718002C000.00000004.00000800.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000000C.00000000.1805305245.00000171EC042000.00000002.00000001.01000000.00000017.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://track.analytics-data.io
                                Source: UnifiedStub-installer.exe, 0000000C.00000002.3798654069.000001718002C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://track.analytics-data.io/
                                Source: UnifiedStub-installer.exe, 0000000C.00000002.3798654069.000001718002C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://track.analytics-data.io/X
                                Source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000000C.00000000.1805305245.00000171EC042000.00000002.00000001.01000000.00000017.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://update-beta.reasonsecurity.com/v2/live
                                Source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000000C.00000000.1805305245.00000171EC042000.00000002.00000001.01000000.00000017.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://update-beta.reasonsecurity.com/v2/update
                                Source: rsSyncSvc.exe, 00000010.00000002.3791322825.000001E7AB4B0000.00000004.00000020.00020000.00000000.sdmp, rsSyncSvc.exe, 00000010.00000002.3791322825.000001E7AB4B9000.00000004.00000020.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://update.reasonsecurity.com/v2/live
                                Source: rsSyncSvc.exe, 00000010.00000002.3791322825.000001E7AB4B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://update.reasonsecurity.com/v2/live-bn:ReasonLabs-dt:10
                                Source: rsSyncSvc.exe, 0000000E.00000002.1829400592.000001D09B9AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://update.reasonsecurity.com/v2/live-dt:10
                                Source: rsSyncSvc.exe, 0000000E.00000002.1829400592.000001D09B9BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://update.reasonsecurity.com/v2/live:
                                Source: rsSyncSvc.exe, 0000000E.00000002.1829400592.000001D09B9BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://update.reasonsecurity.com/v2/liveRING=Defau
                                Source: rsSyncSvc.exe, 0000000E.00000002.1829400592.000001D09B9BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://update.reasonsecurity.com/v2/liveing
                                Source: rsSyncSvc.exe, 00000010.00000002.3791322825.000001E7AB4B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://update.reasonsecurity.com/v2/livelivee~i
                                Source: rsSyncSvc.exe, 0000000E.00000002.1829400592.000001D09B9BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://update.reasonsecurity.com/v2/liveva
                                Source: rsSyncSvc.exe, 0000000E.00000002.1829400592.000001D09B9BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://update.reasonsecurity.com/v2/livews_NT
                                Source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000000C.00000002.3798654069.000001718002C000.00000004.00000800.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000000C.00000000.1805305245.00000171EC042000.00000002.00000001.01000000.00000017.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://update.reasonsecurity.com/v2/update
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2052933684.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1771990181.0000000004FB2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2102220973.00000000008D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://webcompanion.com/privacy
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
                                Source: unknownHTTPS traffic detected: 18.173.206.112:443 -> 192.168.2.9:49708 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 18.173.206.112:443 -> 192.168.2.9:49709 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 18.173.206.112:443 -> 192.168.2.9:49710 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 18.173.206.112:443 -> 192.168.2.9:49711 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 18.173.206.112:443 -> 192.168.2.9:49712 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 18.173.206.112:443 -> 192.168.2.9:49713 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 18.173.206.112:443 -> 192.168.2.9:49714 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 18.173.206.112:443 -> 192.168.2.9:49715 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 18.173.206.112:443 -> 192.168.2.9:49718 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 18.239.36.94:443 -> 192.168.2.9:49719 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 18.173.206.112:443 -> 192.168.2.9:49720 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 18.173.206.112:443 -> 192.168.2.9:49721 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 18.173.206.112:443 -> 192.168.2.9:49722 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 18.239.36.94:443 -> 192.168.2.9:49723 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 18.173.206.112:443 -> 192.168.2.9:49724 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 52.37.69.68:443 -> 192.168.2.9:49725 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 18.173.206.112:443 -> 192.168.2.9:49727 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.9:49729 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 52.204.15.254:443 -> 192.168.2.9:49732 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 52.204.15.254:443 -> 192.168.2.9:49733 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 18.173.206.96:443 -> 192.168.2.9:49750 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 172.67.35.220:443 -> 192.168.2.9:49751 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 52.37.69.68:443 -> 192.168.2.9:49766 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 52.204.15.254:443 -> 192.168.2.9:49769 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 52.204.15.254:443 -> 192.168.2.9:49768 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 52.37.69.68:443 -> 192.168.2.9:49776 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 52.37.69.68:443 -> 192.168.2.9:49777 version: TLS 1.2
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe Code function: 9_2_004054B6 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,9_2_004054B6
                                Source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2052379744.00000000077DF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: NtUserGetRawInputData memstr_b15bc263-7
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560

                                System Summary

                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe Dropped file: MD5: e346fcecd037f0be2777231949977587 Family: APT37 Alias: Reaper group, Geumseong121, Group 123, Scarcruft, APT-S-008, Red Eyes, TEMP.Reaper, Ricochet Chollima, sun team, APT37 Description: APT37 is a suspected North Korean cyber espionage group that has been in operation since at least 2012. Their targets are primarily located in South Korea, but also Japan, Vietnam, Russia, China, India, and some of the countries in the Middle East. A wider range of industries are affected, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare entities References: https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf https://securelist.com/operation-daybreak/75100/ https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/ Data Source: https://github.com/RedDrip7/APT_Digital_Weapon
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe Process Stats: CPU usage > 49%
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe Code function: 12_2_00007FF887AF874D NtQueryInformationProcess,12_2_00007FF887AF874D
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe Code function: 12_2_00007FF887AF887D NtQueryInformationProcess,12_2_00007FF887AF887D
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe Code function: 7_2_005D6220: GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,7_2_005D6220
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Code function: 14_2_00007FF6E2D04BB0 RegCreateKeyExW,RegCloseKey,OutputDebugStringW,OpenSCManagerW,OpenServiceW,CloseServiceHandle,ControlService,DeleteService,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,OutputDebugStringW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,14_2_00007FF6E2D04BB0
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Code function: 14_2_00007FF6E2D2E4D0 WTSGetActiveConsoleSessionId,ProcessIdToSessionId,OpenProcess,OpenProcessToken,CloseHandle,GetLastError,DuplicateTokenEx,CloseHandle,CreateProcessAsUserW,CloseHandle,WaitForSingleObject,CloseHandle,GetLastError,CloseHandle,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,14_2_00007FF6E2D2E4D0
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe Code function: 9_2_004033B3 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,9_2_004033B3
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeCode function: 46_2_0043AF2046_2_0043AF20
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess token adjusted: Load Driver
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess token adjusted: Security
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
                                Source: installer.exe.7.drStatic PE information: Resource name: PAYLOAD type: Microsoft Cabinet archive data, many, 28277285 bytes, 132 files, at 0x2c +A "analyticsmanager.cab" +A "analyticstelemetry.cab", number 1, 993 datablocks, 0x1 compression
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe, 00000000.00000003.1333857903.0000000002660000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe, 00000000.00000003.1335851235.000000007FB70000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe, 00000000.00000003.2118870113.0000000002288000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe, 00000000.00000000.1330210352.00000000004C6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp Key value queried: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon version
                                Source: rsDatabase.dll.10.dr, jTQUkyXTEdtNfPRZPx.csCryptographic APIs: 'CreateDecryptor'
                                Source: CheatEngine75.tmp, 0000000D.00000003.1972295221.0000000002534000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI.sln
                                Source: CheatEngine75.tmp, 0000000D.00000003.1972295221.0000000002534000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector.sln
                                Source: icacls.exe, 0000002B.00000003.1954528982.0000020697685000.00000004.00000020.00020000.00000000.sdmp, icacls.exe, 0000002B.00000003.1954907980.0000020697685000.00000004.00000020.00020000.00000000.sdmp, icacls.exe, 0000002B.00000003.1955237165.0000020697688000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: *MonoDataCollector.sln
                                Source: CheatEngine75.tmp, 0000000D.00000003.1827713818.00000000034C0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Z{app}\plugins\c# template\CEPluginLibrary.sln
                                Source: CheatEngine75.tmp, 0000000D.00000003.1972295221.00000000024AA000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 1{app}\autorun\dlls\src\Mono\MonoDataCollector.sln
                                Source: CheatEngine75.tmp, 0000000D.00000003.1972295221.000000000257D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: %{app}\plugins\example-c\example-c.sln
                                Source: CheatEngine75.tmp, 0000000D.00000003.1972295221.0000000002542000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Cheat Engine 7.5\plugins\example-c\example-c.sln
                                Source: CheatEngine75.tmp, 0000000D.00000003.1972295221.000000000247F000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\CEPluginLibrary.csproj
                                Source: CheatEngine75.tmp, 0000000D.00000003.1972295221.000000000251D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: -{app}\plugins\c# template\CEPluginLibrary.slna
                                Source: CheatEngine75.tmp, 0000000D.00000003.1972295221.000000000251D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: /{app}\autorun\dlls\src\Java\CEJVMTI\CEJVMTI.sln
                                Source: CheatEngine75.tmp, 0000000D.00000003.1827713818.00000000034C0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: ^{app}\autorun\dlls\src\Java\CEJVMTI\CEJVMTI.sln
                                Source: CheatEngine75.tmp, 0000000D.00000003.1827713818.00000000034C0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: J{app}\plugins\example-c\example-c.sln
                                Source: CheatEngine75.tmp, 0000000D.00000003.1972295221.0000000002534000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary.sln
                                Source: CheatEngine75.tmp, 0000000D.00000003.1827713818.00000000034C0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: {app}\plugins\c# template\CEPluginLibrary\CEPluginLibrary.csproj
                                Source: CheatEngine75.tmp, 0000000D.00000003.1972295221.00000000024B2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: @{app}\plugins\c# template\CEPluginLibrary\CEPluginLibrary.csproj
                                Source: CheatEngine75.tmp, 0000000D.00000003.1827713818.00000000034C0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: b{app}\autorun\dlls\src\Mono\MonoDataCollector.sln
                                Source: icacls.exe, 0000002B.00000003.1963396316.0000020697675000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: example-c.sln`<
                                Source: icacls.exe, 0000002B.00000003.1954004101.0000020697690000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CEJVMTI.sln
                                Source: icacls.exe, 0000002B.00000003.1963001122.000002069767D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ,CEPluginLibrary.csproj`
                                Source: classification engineClassification label: mal48.troj.spyw.expl.evad.winEXE@77/754@15/9
                                Source: C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exeCode function: 40_2_0040E500 GetLastError,FormatMessageW,40_2_0040E500
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeCode function: 9_2_004033B3 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,9_2_004033B3
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeCode function: 9_2_00404766 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,9_2_00404766
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: OutputDebugStringW,GetModuleFileNameW,OpenSCManagerW,CreateServiceW,ChangeServiceConfig2W,StartServiceW,CloseServiceHandle,CloseServiceHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,OutputDebugStringW,RegisterServiceCtrlHandlerExW,OutputDebugStringW,SetServiceStatus,OutputDebugStringW,OutputDebugStringW,CreateEventW,OutputDebugStringW,GetLastError,SetServiceStatus,OutputDebugStringW,SetServiceStatus,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,WaitForSingleObject,OutputDebugStringW,OutputDebugStringW,CloseHandle,SetServiceStatus,OutputDebugStringW,OutputDebugStringW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,OutputDebugStringW,OutputDebugStringW,SetServiceStatus,OutputDebugStringW,SetEvent,OutputDebugStringW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,14_2_00007FF6E2D071C0
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_005C4C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,7_2_005C4C8E
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_005C5C1E CoCreateInstance,OleRun,7_2_005C5C1E
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_005E5318 GetModuleHandleW,FindResourceW,LoadResource,LockResource,std::ios_base::_Ios_base_dtor,GetModuleHandleW,GetProcAddress,GetCurrentProcess,Concurrency::cancel_current_task,Concurrency::cancel_current_task,SysFreeString,SysFreeString,7_2_005E5318
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 14_2_00007FF6E2D04BB0 RegCreateKeyExW,RegCloseKey,OutputDebugStringW,OpenSCManagerW,OpenServiceW,CloseServiceHandle,ControlService,DeleteService,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,OutputDebugStringW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,14_2_00007FF6E2D04BB0
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe File created: C:\Program Files (x86)\WeatherZero
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp File created: C:\Users\user\AppData\Local\Programs
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1600:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2832:120:WilError_03
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpMutant created: \Sessions\1\BaseNamedObjects\{6F44C754-77E7-4687-80D4-B48E574DF023}Installer
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exeMutant created: NULL
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1824:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5344:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2148:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:748:120:WilError_03
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpMutant created: \Sessions\1\BaseNamedObjects\Global\{6F44C754-77E7-4687-80D4-B48E574DF023}Installer
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1880:120:WilError_03
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exeMutant created: \Sessions\1\BaseNamedObjects\WeatherZero.Already.Runned
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6776:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:616:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:316:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7464:120:WilError_03
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe File created: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp File read: C:\Users\user\Desktop\desktop.ini
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exeReversingLabs: Detection: 47%
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe
                                Source: C:\Users\user\AppData\Local\Temp\is-OPSPB.tmp\_isetup\_setup64.tmpEvasive API call chain: GetCommandLine,DecisionNodes,ExitProcess
                                Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe"
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exeProcess created: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp "C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp" /SL5="$10408,29086952,780800,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe"
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe "C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe" -ip:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&is_silent=true&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&b=&se=true" -vp:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&oip=26&ptl=7&dta=true" -dp:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100" -i -v -d -se=true
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
                                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe "C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe" /S /tpchannelid=1571 /distid=App123
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exeProcess created: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe "C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe" /silent
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exe "C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe .\UnifiedStub-installer.exe /silent
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exeProcess created: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp "C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp" /SL5="$80060,26511452,832512,C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeProcess created: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: unknownProcess created: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpProcess created: C:\Windows\System32\net.exe "net" stop BadlionAntic
                                Source: unknownProcess created: C:\Program Files\ReasonLabs\EPP\Uninstall.exe "C:\Program Files\ReasonLabs\EPP\Uninstall.exe" /auto-repair=UnifiedStub
                                Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop BadlionAntic
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exeProcess created: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe "C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe" /products=epp /auto-repair=UnifiedStub
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpProcess created: C:\Windows\System32\net.exe "net" stop BadlionAnticheat
                                Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop BadlionAnticheat
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpProcess created: C:\Windows\System32\sc.exe "sc" delete BadlionAntic
                                Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpProcess created: C:\Windows\System32\sc.exe "sc" delete BadlionAnticheat
                                Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-OPSPB.tmp\_isetup\_setup64.tmp helper 105 0x84
                                Source: C:\Users\user\AppData\Local\Temp\is-OPSPB.tmp\_isetup\_setup64.tmp Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp Process created: C:\Windows\System32\icacls.exe "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
                                Source: C:\Windows\System32\icacls.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe Process created: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe "C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe" install
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe Process created: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe "C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe" start silent
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: unknown Process created: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe "C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe"
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp Process created: C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe "C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp Process created: C:\Program Files\Cheat Engine 7.5\windowsrepair.exe "C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp Process created: C:\Windows\System32\icacls.exe "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
                                Source: C:\Windows\System32\icacls.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe Process created: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exe .\UnifiedStub-installer.exe /products=epp /auto-repair=UnifiedStub
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp Process created: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe "C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe Process created: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe "C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe Process created: C:\Program Files (x86)\WeatherZero\WeatherZero.exe "C:\Program Files (x86)\WeatherZero\WeatherZero.exe" /q=DF4E7397994EE5D86AD1C8FEEA899434
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exe Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\f3ilhy3j.cmdline"
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8926.tmp" "c:\Users\user\AppData\Local\Temp\CSC8925.tmp"
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe Process created: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp "C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp" /SL5="$10408,29086952,780800,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe"
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp Process created: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe "C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe" -ip:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&is_silent=true&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&b=&se=true" -vp:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&oip=26&ptl=7&dta=true" -dp:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100" -i -v -d -se=true
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp Process created: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp Process created: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe "C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe" /S /tpchannelid=1571 /distid=App123
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp Process created: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exe "C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp Process created: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe "C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe Process created: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe "C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe" /silent
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe Process created: unknown unknown
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe Process created: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe "C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe" install
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe Process created: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe "C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe" start silent
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe Process created: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe .\UnifiedStub-installer.exe /silent
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exe Process created: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp "C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp" /SL5="$80060,26511452,832512,C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe Process created: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp Process created: C:\Windows\System32\net.exe "net" stop BadlionAntic
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp Process created: C:\Windows\System32\net.exe "net" stop BadlionAnticheat
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp Process created: C:\Windows\System32\sc.exe "sc" delete BadlionAntic
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp Process created: C:\Windows\System32\sc.exe "sc" delete BadlionAnticheat
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp Process created: C:\Users\user\AppData\Local\Temp\is-OPSPB.tmp\_isetup\_setup64.tmp helper 105 0x84
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp Process created: C:\Windows\System32\icacls.exe "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp Process created: C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe "C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp Process created: C:\Program Files\Cheat Engine 7.5\windowsrepair.exe "C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp Process created: C:\Windows\System32\icacls.exe "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
                                Source: C:\Windows\System32\net.exe Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop BadlionAntic
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Process created: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe "C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe" /products=epp /auto-repair=UnifiedStub
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe Process created: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exe .\UnifiedStub-installer.exe /products=epp /auto-repair=UnifiedStub
                                Source: C:\Windows\System32\net.exe Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop BadlionAnticheat
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe Process created: C:\Program Files (x86)\WeatherZero\WeatherZero.exe "C:\Program Files (x86)\WeatherZero\WeatherZero.exe" /q=DF4E7397994EE5D86AD1C8FEEA899434
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exe Process created: unknown unknown
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe Process created: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe "C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe Process created: unknown unknown
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exe Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\f3ilhy3j.cmdline"
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8926.tmp" "c:\Users\user\AppData\Local\Temp\CSC8925.tmp"
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: samcli.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: msacm32.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: version.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: dwmapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: winmmbase.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: winmmbase.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: aclayers.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: sfc.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: sfc_os.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: wtsapi32.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: winsta.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: winhttp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: webio.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: winnsi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: rasadhlp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: schannel.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: mskeyprotect.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: ntasn1.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: ncrypt.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: ncryptsslp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: rsaenh.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: gpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: dpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: dhcpcsvc6.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: dhcpcsvc.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: cryptnet.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeSection loaded: cabinet.dllJump to behavior
                                Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Windows\System32\svchost.exeSection loaded: licensemanagersvc.dllJump to behavior
                                Source: C:\Windows\System32\svchost.exeSection loaded: licensemanager.dllJump to behavior
                                Source: C:\Windows\System32\svchost.exeSection loaded: clipc.dllJump to behavior
                                Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: dwmapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: oleacc.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: ntmarta.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: version.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: shfolder.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: rsaenh.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: winhttp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: winnsi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: rasadhlp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: schannel.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: mskeyprotect.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: ntasn1.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: dpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: gpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: ncrypt.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeSection loaded: ncryptsslp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeSection loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exeSection loaded: netapi32.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exeSection loaded: netutils.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exeSection loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: mscoree.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: mscorjit.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: profapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: cryptsp.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: rsaenh.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: cryptbase.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: mscorjit.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: dwrite.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: msvcp140_clr0400.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: dnsapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: dhcpcsvc.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: winnsi.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: mscorjit.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: wbemcomn.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: amsi.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: ntmarta.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: rasapi32.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: rasman.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: rtutils.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: taskschd.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: sspicli.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: mswsock.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: winhttp.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: sxs.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: xmllite.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: rasadhlp.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: fwpuclnt.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: secur32.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: schannel.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: powrprof.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: umpdc.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: wtsapi32.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: winsta.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: mskeyprotect.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: ntasn1.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: ncrypt.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: ncryptsslp.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: msasn1.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeSection loaded: gpapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: version.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: netapi32.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: winhttp.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: netutils.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: wtsapi32.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: winsta.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: textinputframework.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: coreuicomponents.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: coremessaging.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: ntmarta.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: wintypes.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: wintypes.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: wintypes.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: profapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: shfolder.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: rstrtmgr.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: ncrypt.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: ntasn1.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: textshaping.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: msftedit.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: windows.globalization.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: bcp47langs.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: bcp47mrm.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: globinputhost.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: dwmapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: sspicli.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: explorerframe.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: sfc.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: sfc_os.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: propsys.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: linkinfo.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: ntshrui.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: srvcli.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpSection loaded: cscapi.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: apphelp.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: version.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: urlmon.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: powrprof.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: wtsapi32.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: winhttp.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: iertutil.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: srvcli.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: netutils.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: umpdc.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: cryptbase.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: version.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: urlmon.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: powrprof.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: wtsapi32.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: winhttp.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: iertutil.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: srvcli.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: netutils.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: umpdc.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\System32\net.exeSection loaded: mpr.dll
                                Source: C:\Windows\System32\net.exeSection loaded: wkscli.dll
                                Source: C:\Windows\System32\net.exeSection loaded: netutils.dll
                                Source: C:\Windows\System32\net.exeSection loaded: samcli.dll
                                Source: C:\Windows\System32\net.exeSection loaded: srvcli.dll
                                Source: C:\Windows\System32\net.exeSection loaded: iphlpapi.dll
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exeSection loaded: wldp.dll
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exeSection loaded: apphelp.dll
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\net1.exeSection loaded: samcli.dll
                                Source: C:\Windows\System32\net1.exeSection loaded: netutils.dll
                                Source: C:\Windows\System32\net1.exeSection loaded: dsrole.dll
                                Source: C:\Windows\System32\net1.exeSection loaded: srvcli.dll
                                Source: C:\Windows\System32\net1.exeSection loaded: wkscli.dll
                                Source: C:\Windows\System32\net1.exeSection loaded: logoncli.dll
                                Source: C:\Windows\System32\net1.exeSection loaded: cryptbase.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeSection loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-OPSPB.tmp\_isetup\_setup64.tmpSection loaded: ntmarta.dll
                                Source: C:\Windows\System32\icacls.exeSection loaded: ntmarta.dll
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exeSection loaded: apphelp.dll
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exeSection loaded: wtsapi32.dll
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exeSection loaded: userenv.dll
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exeSection loaded: winsta.dll
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exeSection loaded: sspicli.dll
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exeSection loaded: apphelp.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exeSection loaded: uxtheme.dll
                                Source: C:\Program Files\Cheat Engine 7.5\windowsrepair.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\System32\icacls.exeSection loaded: ntmarta.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: mscoree.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: mscorjit.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: profapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: cryptsp.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: rsaenh.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: cryptbase.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: ntmarta.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: propsys.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: edputil.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: urlmon.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: iertutil.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: srvcli.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: netutils.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: windows.staterepositoryps.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: sspicli.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: wintypes.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: appresolver.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: bcp47langs.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: slc.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: sppc.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: onecorecommonproxystub.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: onecoreuapcommonproxystub.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeSection loaded: apphelp.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: uxtheme.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: wldp.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: propsys.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: profapi.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: edputil.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: urlmon.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: iertutil.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: srvcli.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: netutils.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: windows.staterepositoryps.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: sspicli.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: wintypes.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: appresolver.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: bcp47langs.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: slc.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: userenv.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: sppc.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: onecorecommonproxystub.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: onecoreuapcommonproxystub.dll
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeSection loaded: apphelp.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: version.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: opengl32.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: wsock32.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: uxtheme.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: winmm.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: lua53-64.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: wininet.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: glu32.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: msimg32.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: explorerframe.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: tcc64-32.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: tcc64-64.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: wldp.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: propsys.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: textshaping.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: xinput1_4.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: devobj.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: inputhost.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: coremessaging.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: wintypes.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: coreuicomponents.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: ntmarta.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: iertutil.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: sspicli.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: profapi.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: winhttp.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: iphlpapi.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: mswsock.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: winnsi.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: urlmon.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: srvcli.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: netutils.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: dnsapi.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: rasadhlp.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: fwpuclnt.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: schannel.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: mskeyprotect.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: ntasn1.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: msasn1.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: dpapi.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: cryptsp.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: rsaenh.dll
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeSection loaded: cryptbase.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpWindow found: window name: TSelectLanguageForm
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpAutomated click: OK
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpAutomated click: Next
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpAutomated click: Accept
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpAutomated click: Accept
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpAutomated click: Accept
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpAutomated click: Next
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpAutomated click: Next
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpAutomated click: Next
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpAutomated click: Next
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpAutomated click: Next
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeAutomated click: OK
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
                                Source: Window RecorderWindow detected: More than 3 window changes detected
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeWindow detected: Number of UI elements: 24
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeWindow detected: Number of UI elements: 39
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeDirectory created: C:\Program Files\ReasonLabs
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Stub
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\Uninstall.exe
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\unins000.dat
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\win32
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\win64
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\tcclib
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\tcclib\lib
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-TN157.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-V94MA.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-HVU4U.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-R0CCE.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-IH693.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-QDDCM.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-QVL3T.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-P1OI6.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-IH1SQ.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-H0H27.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-PL7EI.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-5QK2E.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-U9AL3.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-TCOUL.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-UJRBL.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-D9LUV.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-6DBQN.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-IJLDN.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-16QLV.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-KQ7DG.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-GJBAD.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-RORV5.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-Q88S7.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-MLHNP.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-FBFKT.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-OM56O.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-H4P16.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-PLCBK.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sec_api
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-5S5V0.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-N8AS7.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-OS3RJ.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-O7AQM.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-PJ81E.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-H55RB.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-2ETM7.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-IHAQQ.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-QS28U.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-TAC3S.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-I9CFP.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-F725L.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\sys
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\sys\is-MAPM9.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sys
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-CLEPH.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-DQTR2.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-M0CP2.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-8CHU6.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-HKO42.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-VASUQ.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-O0QMM.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-KCJ9D.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-Q19F8.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\tcc
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\tcc\is-KQ8LN.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\winapi
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-0VU4B.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-8UGKN.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-AHPAR.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-829EK.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-L2PBP.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-2TDGS.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-JMHAI.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-507C7.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-6MCQN.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-8G42J.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-VEC65.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-BU058.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-NR52U.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-U2B2L.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-V4JPD.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-L7T4G.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-2H8Q5.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-U2RTP.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-97V42.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-3V98M.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-BM6Q5.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-5MOKN.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-UAG9R.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-SQ74J.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-C340L.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-FHHS8.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-KQIIG.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-V06UU.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-2S9FE.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-U2CT4.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-J4O9Q.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-4JSIG.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\languages
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\languages\is-D1IC7.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\languages\is-V69K2.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\languages\is-7EOVH.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\languages\is-NPLE1.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\languages\is-5FQ0P.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\languages\is-QF8HR.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\languages\is-KRF7B.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\languages\is-IBEK7.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\languages\is-P39QR.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\languages\is-3GGR6.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\languages\is-L7MP3.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-59ART.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-2B7C6.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-HVM8R.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-NGAGF.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-DN8FP.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-7U2AH.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-8QV7J.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-9H2D7.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-4NNEJ.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-1V2FL.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-U4AO6.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-5CHJ4.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-VJFB4.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-H4LP9.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-T1MFB.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-1D49U.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-TU5C3.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-RFU96.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-3I4LR.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\forms
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\forms\is-AETTC.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-B82C9.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-A5053.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-5828D.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\images
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\images\is-O2MT6.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\images\is-1COQD.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-BKFMP.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-4OCNP.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-HPQT5.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-1EQP8.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-65VBV.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-TEO8P.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-5B6L1.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-0GFVI.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-DJDME.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\forms\is-UMLK2.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\forms\is-L160H.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-DPBO1.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-O5JBT.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\is-29O6E.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-E0HVD.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-VP31G.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-M1H65.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-FIS0L.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-TOELE.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-TN2EL.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-MMU2T.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-4MBNE.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-6B9AC.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-2V468.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-FVL3U.tmp
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\server.txt
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ReasonLabs-EPP
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe Static PE information: certificate valid
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe Static file information: File size 29977368 > 1048576
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                Source: Binary string: added an option to skip loading .PDB files source: CheatEngine75.exe, 0000000B.00000003.1980465629.0000000002318000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 0000000B.00000003.1805063849.0000000002530000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000D.00000003.1972295221.00000000024C7000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000D.00000003.1969188017.0000000000B34000.00000004.00000020.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000D.00000003.1968925907.0000000000B5E000.00000004.00000020.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000D.00000003.1827713818.00000000034C0000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000D.00000003.1970251372.00000000037B1000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: rsLogger.pdb source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000002D.00000002.2145532575.0000027D000AD000.00000004.00000800.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000002D.00000002.2266490083.0000027D70272000.00000002.00000001.01000000.00000032.sdmp
                                Source: Binary string: ole32.pdb0 source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2067473100.00000000073F8000.00000004.00000020.00020000.00000000.sdmp, cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2072779544.00000000073F8000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\rsStub\rsStub\rsStubRunner\rsStubRunner\bin\Release\x64\rsStubRunner.pdb source: w0jpn3s4.exe, 0000000A.00000003.1804261457.000000000327E000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1803353936.0000000002A10000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1804261457.000000000323D000.00000004.00001000.00020000.00000000.sdmp, w0jpn3s4.exe, 0000000A.00000003.1803542721.0000000002BD0000.00000004.00001000.00020000.00000000.sdmp, Uninstall.exe, 00000012.00000000.1832523889.00007FF7FCFE6000.00000002.00000001.01000000.0000001A.sdmp, Uninstall.exe, 00000012.00000002.1837658378.00007FF7FCFE6000.00000002.00000001.01000000.0000001A.sdmp, Stub.exe, 00000015.00000003.1999744155.0000000002BC0000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.1999338001.0000000002A00000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.000000000326E000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.000000000322D000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: shcore.pdb0 source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2045363199.000000000740A000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: rsJSON.pdb source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000000C.00000002.3880673463.00000171EE652000.00000002.00000001.01000000.00000035.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: version.pdb0 source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2071978305.0000000007E16000.00000004.00000020.00020000.00000000.sdmp, cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2082174376.0000000007E16000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: rsLogger.pdbx source: w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000002D.00000002.2145532575.0000027D000AD000.00000004.00000800.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000002D.00000002.2266490083.0000027D70272000.00000002.00000001.01000000.00000032.sdmp
                                Source: Binary string: comctl32.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2057668772.0000000007E22000.00000004.00000020.00020000.00000000.sdmp, cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2082174376.0000000007E22000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wsock32.pdb source: cheatengine-x86_64-SSE4-AVX2.exe, 0000002F.00000003.2054994070.0000000007E28000.00000004.00000020.00020000.00000000.sdmp

                                Data Obfuscation

                                Source: rsDatabase.dll.10.dr, jTQUkyXTEdtNfPRZPx.cs.Net Code: Type.GetTypeFromHandle(CJI6ksmAfV9lqr5bFV.GWHS8jinbvjcW(16777351)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(CJI6ksmAfV9lqr5bFV.GWHS8jinbvjcW(16777267)),Type.GetTypeFromHandle(CJI6ksmAfV9lqr5bFV.GWHS8jinbvjcW(16777241))})
                                Source: is-U0GBD.tmp.2.drStatic PE information: 0xD49AEFA9 [Mon Jan 11 20:08:09 2083 UTC]
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\f3ilhy3j.cmdline"
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_00602B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,7_2_00602B30
                                Source: INetC.dll.9.drStatic PE information: real checksum: 0x0 should be: 0xb6cc
                                Source: is-U0GBD.tmp.2.drStatic PE information: real checksum: 0x14f88 should be: 0xfc9f
                                Source: botva2.dll.2.drStatic PE information: real checksum: 0x0 should be: 0x15537
                                Source: w0jpn3s4.exe.6.drStatic PE information: real checksum: 0x24d917 should be: 0x24ebdb
                                Source: zbShieldUtils.dll.2.drStatic PE information: real checksum: 0x0 should be: 0x2053b1
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp.0.drStatic PE information: real checksum: 0x0 should be: 0x2e0bb3
                                Source: uninstall.exe.9.drStatic PE information: real checksum: 0x60081f should be: 0x4fd62
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exeStatic PE information: section name: .didata
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp.0.drStatic PE information: section name: .didata
                                Source: CheatEngine75.exe.2.drStatic PE information: section name: .didata
                                Source: saBSI.exe.2.drStatic PE information: section name: .didat
                                Source: w0jpn3s4.exe.6.drStatic PE information: section name: .sxdata
                                Source: installer.exe.7.drStatic PE information: section name: _RDATA
                                Source: ArchiveUtilityx64.dll.10.drStatic PE information: section name: _RDATA
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exeCode function: 6_2_00007FF887AD749E push eax; iretd 6_2_00007FF887AD74AD
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exeCode function: 6_2_00007FF887AD746E pushad ; iretd 6_2_00007FF887AD749D
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exeCode function: 6_2_00007FF887AD812B push ebx; ret 6_2_00007FF887AD816A
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_00638DDB push ecx; ret 7_2_00638DEE
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_00667CFD push ecx; ret 7_2_00667D12
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeCode function: 10_2_00419800 push eax; ret 10_2_0041982E
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeCode function: 10_2_004197D0 push eax; ret 10_2_004197EE
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeCode function: 12_2_00007FF887AF5CF0 push ebp; iretd 12_2_00007FF887AF5CF6
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeCode function: 12_2_00007FF887AF4241 push ss; iretd 12_2_00007FF887AF4248
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeCode function: 12_2_00007FF887C544A1 push ebx; ret 12_2_00007FF887C544BA
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeCode function: 12_2_00007FF887C5446B push ebx; ret 12_2_00007FF887C5448A
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeCode function: 12_2_00007FF887C5445C push edx; ret 12_2_00007FF887C5446A
                                Source: rsDatabase.dll.10.dr, AbstractDatabase.csHigh entropy of concatenated method names: 'CreateCommand', 'QueryScalarStrict', 'Value', 'HwX4QGPaJ', 'QueryScalarInt', 'QueryScalarString', 'QueryInternal', 'QueryArrays', 'QueryTuples', 'QueryTuples'
                                Source: rsDatabase.dll.10.dr, Database.csHigh entropy of concatenated method names: 'IntegrityCheck', 'CreateTables', 'Transaction', 'GetDataSet', 'GetAllRows', 'GetRowWhere', 'GetRowsWhere', 'ExistsRowWhere', 'HasTable', 'HasColumn'
                                Source: rsDatabase.dll.10.dr, HwXQGP4aJfTjro772A.csHigh entropy of concatenated method names: 'BftS8jqqUFiZa', 'ouC0uH93C14OHdadeow', 'UcLMYi9XwaD7ME3kF1b', 'YcO1JU9FGnOSu9H3bo0', 'mKx7pG90lydPWs49gXQ', 'eahIYr9MXTlGNRQWqg8', 'MTN5Na9EeGZOaATtAEx', 'xyASQ59cb23xYp7Jr4w', 'rpnKES9dLC7MyiPqKlR', 'GonULa9S8nlSEeopnoh'
                                Source: rsDatabase.dll.10.dr, i0lCiA59BgeyIdeT9Y.csHigh entropy of concatenated method names: 'o78oTJEMpG', 'b4Vo7JxfLl', 'GwBojYjn4R', 'fIfo0EHFfC', 'RRYomaHPfD', 'dlColFx7Jw', 'l6moJOot5H', 'lOjoOpYgGR', 'Hcvo57jg5f', 'x0ionHZmrj'
                                Source: rsDatabase.dll.10.dr, jTQUkyXTEdtNfPRZPx.csHigh entropy of concatenated method names: 'oV6wYkl7user6DVpKX7', 'DnQrOSl9THgQGODdZK3', 'pFkoo4af47', 'FoQO7LlKbSlk32yWOl1', 'ajiP6Tlg2VPapXVZ8uh', 'XIj5uml6esmPZmQfeIg', 'FUnE81lW1NtDhQWpCgK', 'IJTlSblJW3Fu04fWXlN', 'sLcF9hlk4JKsnj700HM', 'UupT5ml2QJF9cM2Rrtf'
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeFile created: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\uninstall-epp.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-IFLQ7.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-445MR.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeFile created: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsAtom.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeFile created: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsSyncSvc.exeJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeFile created: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\ro-RO\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeFile created: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\tr-TR\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-NGHF2.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeFile created: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\ko-KR\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-QVTSQ.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeFile created: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\System.Data.SQLite.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\DotNetDataCollector64.exe (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release\CEPluginExample.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeFile created: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\de\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\libipt-64.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeFile created: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\es-ES\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\cheatengine-i386.exe (copy)Jump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeFile created: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\el-GR\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeFile created: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\nb-NO\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeFile created: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\pt-PT\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeFile created: C:\Users\user\AppData\Local\Temp\7zS83DA393F\System.Data.SQLite.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-3V98M.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\ced3d11hook64.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\tcc32-32-linux.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\gtutorial-i386.exe (copy)Jump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeFile created: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\sv-SE\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\allochook-i386.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\clibs32\is-6GF3S.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-I3P27.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeFile created: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Microsoft.Win32.TaskScheduler.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-FA58B.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-P76J3.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-HVM8R.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-LONV1.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\DotNetInterface.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeFile created: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\zh-TW\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-IEG10.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\tcc64-32-linux.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeFile created: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\pt\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-SQ74J.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\allochook-x86_64.dll (copy)Jump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeFile created: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\fr-FR\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\Tutorial-x86_64.exe (copy)Jump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeFile created: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\sk-SK\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeFile created: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\pt\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeFile created: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\ru\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeFile created: C:\Users\user\AppData\Local\Temp\nsd1492.tmp\INetC.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeFile created: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\pl-PL\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeFile created: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\it\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeFile created: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-3AK3C.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-J4O9Q.tmpJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeFile created: C:\Users\user\AppData\Local\Temp\7zS83DA393F\uninstall-vpn.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-NR6FA.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeFile created: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\ja-JP\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeFile created: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\th-TH\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\Uninstall.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\ced3d10hook64.dll (copy)Jump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeFile created: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\pt-BR\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeFile created: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\sl\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\MonoDataCollector32.dll (copy)Jump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeFile created: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\sl\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeFile created: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\sl-SI\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeFile created: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\es\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeFile created: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\vi-VN\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\tcc64-64-linux.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\libmikmod64.dll (copy)Jump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeFile created: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\de\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeFile created: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\sl-SI\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-QC7DK.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe (copy)Jump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeFile created: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\hi-IN\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release\is-MV23D.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-RKUC8.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-CJGUK.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\luaclient-i386.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\gtutorial-x86_64.exe (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-ROMDO.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\win64\is-SH0DD.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-FHHS8.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-653CG.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\UnifiedStub-installer.exe.log

                                Boot Survival

                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe; File created: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Microsoft.Win32.TaskScheduler.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe; File created: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Microsoft.Win32.TaskScheduler.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp; File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp; File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Cheat Engine.lnk
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp; File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Cheat Engine (64-bit SSE4-AVX2).lnk
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp; File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Cheat Engine (64-bit).lnk
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp; File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Cheat Engine (32-bit).lnk
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp; File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Cheat Engine tutorial.lnk
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp; File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Cheat Engine tutorial (64-bit).lnk
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp; File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Cheat Engine help.lnk
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp; File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Kernel stuff
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp; File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Kernel stuff\Unload kernel module.lnk
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp; File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Reset settings.lnk
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp; File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Lua documentation.lnk
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp; File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Uninstall Cheat Engine.lnk
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp; Process created: C:\Windows\System32\net.exe "net" stop BadlionAntic
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe; Code function: 14_2_00007FF6E2D04BB0 RegCreateKeyExW,RegCloseKey,OutputDebugStringW,OpenSCManagerW,OpenServiceW,CloseServiceHandle,ControlService,DeleteService,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,OutputDebugStringW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,14_2_00007FF6E2D04BB0
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp; Process created: C:\Windows\System32\sc.exe "sc" delete BadlionAntic

                                Hooking and other Techniques for Hiding and Protection

                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeFile opened: C:\Program Files\ReasonLabs\EPP\Uninstall.exe:Zone.Identifier read attributes | delete
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_005F0540 EnterCriticalSection,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LeaveCriticalSection,7_2_005F0540
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe; Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp; Process created: C:\Windows\System32\icacls.exe "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp; Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe; Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe; Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe; Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exe; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe; Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe Process information set: NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe Evasive API call chain: GetUserDefaultLangID, ExitProcess
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe Memory allocated: 25F0B250000 memory reserve | memory write watch
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe Memory allocated: 25F23440000 memory reserve | memory write watch
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe Memory allocated: 171EDC30000 memory reserve | memory write watch
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe Memory allocated: 171EDD80000 memory reserve | memory write watch
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exe Memory allocated: 27D6E9F0000 memory reserve | memory write watch
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exe Memory allocated: 27D70340000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exe Memory allocated: 1720000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exe Memory allocated: 33F0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exe Memory allocated: 1720000 memory commit | memory reserve | memory write watch
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe Code function: 7_2_005C4C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,7_2_005C4C8E
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeThread delayed: delay time: 922337203685477
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeThread delayed: delay time: 922337203685477
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeThread delayed: delay time: 922337203685477
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exeWindow / User API: threadDelayed 6767Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exeWindow / User API: threadDelayed 2910Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeWindow / User API: threadDelayed 5451
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeWindow / User API: threadDelayed 2763
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exeWindow / User API: threadDelayed 865
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeWindow / User API: threadDelayed 5695
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeWindow / User API: threadDelayed 1849
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeWindow / User API: windowPlacementGot 1205
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exeWindow / User API: threadDelayed 9726
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-IFLQ7.tmp
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsAtom.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-445MR.tmp
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\ro-RO\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\tr-TR\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-NGHF2.tmp
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\ko-KR\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-QVTSQ.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\DotNetDataCollector64.exe (copy)
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\System.Data.SQLite.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release\CEPluginExample.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\de\Microsoft.Win32.TaskScheduler.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\libipt-64.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\cheatengine-i386.exe (copy)
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\es-ES\UnifiedStub.resources.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\el-GR\UnifiedStub.resources.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\pt-PT\UnifiedStub.resources.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\nb-NO\UnifiedStub.resources.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\System.Data.SQLite.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-3V98M.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\ced3d11hook64.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\gtutorial-i386.exe (copy)
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\sv-SE\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\tcc32-32-linux.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\allochook-i386.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\clibs32\is-6GF3S.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-I3P27.tmp
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Microsoft.Win32.TaskScheduler.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-FA58B.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-HVM8R.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-LONV1.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\DotNetInterface.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\zh-TW\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-IEG10.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\tcc64-32-linux.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\pt\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-SQ74J.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\allochook-x86_64.dll (copy)
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\fr-FR\UnifiedStub.resources.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\sk-SK\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\Tutorial-x86_64.exe (copy)
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\pt\UnifiedStub.resources.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\ru\Microsoft.Win32.TaskScheduler.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd1492.tmp\INetC.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\it\Microsoft.Win32.TaskScheduler.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\pl-PL\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-3AK3C.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-J4O9Q.tmp
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\uninstall-vpn.exe
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-NR6FA.tmp
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\ja-JP\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\th-TH\UnifiedStub.resources.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\pt-BR\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\ced3d10hook64.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\MonoDataCollector32.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\sl\UnifiedStub.resources.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\sl\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\sl-SI\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\vi-VN\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\es\Microsoft.Win32.TaskScheduler.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\tcc64-64-linux.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\libmikmod64.dll (copy)
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\de\Microsoft.Win32.TaskScheduler.resources.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\sl-SI\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-QC7DK.tmp
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\hi-IN\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release\is-MV23D.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-RKUC8.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-CJGUK.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\luaclient-i386.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\gtutorial-x86_64.exe (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-ROMDO.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win64\is-SH0DD.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-FHHS8.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd1492.tmp\WeatherZeroNSISPlugin.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-653CG.tmp
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\de-DE\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-VRN50.tmp
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsDatabase.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\ru-RU\UnifiedStub.resources.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\da-DK\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\winhook-i386.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\sk-SK\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\ru\Microsoft.Win32.TaskScheduler.resources.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\hu-HU\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\64\CEJVMTI.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsLogger.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\ceregreset.exe (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\32\CEJVMTI.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\id-ID\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\d3dhook64.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win32\symsrv.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe - Dropped PE file which has not been started: C:\Program Files (x86)\WeatherZero\Newtonsoft.Json.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win64\is-MDBKN.tmp
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\nl-NL\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\fil-PH\UnifiedStub.resources.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsJSON.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\zh-CN\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-ISRU8.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\tcc64-aarch64-linux.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\cs-CZ\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\it-IT\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\ArchiveUtilityx64.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\vehdebug-i386.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win32\is-56DLJ.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\64\is-92NR9.tmp
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\fi-FI\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\hr-HR\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\uninstall-dns.exe
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\vehdebug-x86_64.dll (copy)
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsStubLib.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\ja-JP\UnifiedStub.resources.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\System.ValueTuple.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\clibs32\lfs.dll (copy)
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsDatabase.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\ko-KR\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-JATIQ.tmp
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\it\Microsoft.Win32.TaskScheduler.resources.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\ArchiveUtilityx64.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\zbShieldUtils.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win32\dbghelp.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\speedhack-i386.dll (copy)
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\fi-FI\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-BM6Q5.tmp
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\tr-TR\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\ro-RO\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\pl\Microsoft.Win32.TaskScheduler.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsJSON.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\th-TH\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-7NKA8.tmp
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\nb-NO\UnifiedStub.resources.dll
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\cs-CZ\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-62AE0.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp - Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-97V42.tmp
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\pl-PL\UnifiedStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\fr\Microsoft.Win32.TaskScheduler.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win64\symsrv.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-5MOKN.tmpJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\it-IT\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-4KUD7.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\ced3d11hook.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsStubLib.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-4JSIG.tmpJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\zh-TW\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\f3ilhy3j.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-UAG9R.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\installer.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-3062O.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\libipt-32.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\libmikmod32.dll (copy)Jump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\id-ID\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-UUIGM.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-PM6UG.tmpJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\es-ES\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-DL6J6.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\uninstall-vpn.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\ru-RU\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-CVIA4.tmpJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Microsoft.Win32.TaskScheduler.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\ced3d9hook64.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-8ER3T.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\el-GR\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\DotNetDataCollector32.exe (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\pt-PT\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\CSCompiler.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\lua53-32.dll (copy)Jump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsTime.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win64\dbghelp.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win64\is-9L3C9.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsTime.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\hi-IN\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\zh-Hant\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win64\sqlite3.dll (copy)Jump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\fil-PH\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-C340L.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\speedhack-x86_64.dll (copy)Jump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\pl\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsLogger.dllJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\zh-Hant\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\vi-VN\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\uninstall-dns.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\botva2.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\winhook-x86_64.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\tcc32-32.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\clibs64\lfs.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-LPRC0.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\d3dhook.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\fr-FR\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\zh-CN\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\pt-BR\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\clibs64\is-J9VJQ.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win32\is-48QIF.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-66DVM.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\ced3d10hook.dll (copy)Jump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\nl-NL\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win32\is-HR2IO.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\MonoDataCollector64.dll (copy)Jump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\zh-CN\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\WeatherZero\uninstall.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-4VH0C.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\System.ValueTuple.dllJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\hr-HR\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\sv-SE\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\luaclient-x86_64.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win32\sqlite3.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-BO9E3.tmpJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\fr\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\hu-HU\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\es\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\32\is-SMGBV.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Translations\da-DK\UnifiedStub.resources.dllJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsAtom.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\ced3d9hook.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-TBN24.tmpJump to dropped file
                                Source: C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS83DA393F\Translations\de-DE\UnifiedStub.resources.dllJump to dropped file
Source: C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe | Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe | API coverage: 4.7 %
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe | API coverage: 9.0 %
Source: C:\Program Files\Cheat Engine 7.5\windowsrepair.exe | API coverage: 8.8 %
Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp TID: 7488 | Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp TID: 7512 | Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe TID: 7944 | Thread sleep time: -25825441703193356s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe TID: 7948 | Thread sleep count: 6767 > 30
Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe TID: 7948 | Thread sleep count: 2910 > 30
Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe TID: 3304 | Thread sleep time: -24903104499507879s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe TID: 4084 | Thread sleep count: 5451 > 30
Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe TID: 5864 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe TID: 6756 | Thread sleep count: 2763 > 30
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe TID: 5396 | Thread sleep count: 865 > 30
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe TID: 5396 | Thread sleep time: -432500s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exe TID: 4460 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe TID: 5984 | Thread sleep time: -14237500s >= -30000s
Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exe TID: 6996 | Thread sleep time: -972600s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe | File opened: PhysicalDrive0
Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exe | Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp | File Volume queried: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe | Code function: 7_2_00659BF0 FindFirstFileExW,7_2_00659BF0
Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe | Code function: 9_2_00405A19 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,9_2_00405A19
Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe | Code function: 9_2_004065CE FindFirstFileA,FindClose,9_2_004065CE
Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe | Code function: 9_2_004027AA FindFirstFileA,9_2_004027AA
Source: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe | Code function: 10_2_00404EC1 FindFirstFileW,10_2_00404EC1
Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe | Code function: 18_2_00007FF7FCFDCA9C FindFirstFileExW,18_2_00007FF7FCFDCA9C
Source: C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe | Code function: 40_2_00417980 CreateFileW,DeviceIoControl,FindFirstFileExW,FindClose,SetLastError,SetLastError,40_2_00417980
Source: C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe | Code function: 40_2_00417E10 FindFirstFileExW,FindClose,40_2_00417E10
Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe | Code function: 7_2_00622782 VirtualQuery,GetSystemInfo,7_2_00622782
Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp | File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp | File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp | File opened: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp
Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp | File opened: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract
Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp | File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp | File opened: C:\Users\user
Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1437926052.0000000004FC8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMware
Source: saBSI.exe, 00000007.00000002.2330985344.000000000327E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWt/
Source: UnifiedStub-installer.exe, 0000002D.00000002.2267666962.0000027D70BB0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}\
Source: UnifiedStub-installer.exe, 0000000C.00000002.3877842721.00000171EE556000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMware, Inc.
Source: WZSetup.exe, 00000009.00000003.1944848633.0000000000601000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 00000009.00000002.1948434458.0000000000601000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW'c%SystemRoot%\system32\mswsock.dll^
Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2052933684.0000000000869000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW`:
Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2052933684.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2102220973.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000002.2330985344.00000000032EF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1811110324.00000000032F1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1789155539.00000000032F1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1846283210.00000000032F1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1799361236.00000000032F1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1799821675.00000000032F1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316479568.00000000032EC000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 00000009.00000003.1945813123.000000000063B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: WZSetup.exe, 00000009.00000003.1945813123.0000000000625000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 00000009.00000003.1944848633.0000000000621000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 00000009.00000002.1949709541.0000000000626000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWen-GBn
Source: UnifiedStub-installer.exe, 0000000C.00000002.3881936521.00000171EE790000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllO|3al
Source: UnifiedStub-installer.exe, 0000000C.00000002.3877842721.00000171EE556000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: stringComputer System ProductComputer System ProductUABNKF3BC72742-A345-A4E4-61BC-197C285C1019VMware, Inc.None
Source: UnifiedStub-installer.exe, 0000002D.00000002.2267666962.0000027D70BB0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}=
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2102220973.00000000008F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: v":"0.1","l":"US","i":{"cu":"","ct":"","cp":"","ctu":"","cl":"","ch":"","ca":"v5.83","cf":"","cpi":"","cps":"","cd":"","cpr":"","cpp":"","cfl":"","cj":"+1","cb":"","cod":"","ctp":"","cep":""},"f":{"m":3,"x":"2025-02-27T22:24:28.570Z","a":"cdc2","d":"103"},"o":[{"ad":{"n":"","f":"ZB_RAV_Cross_Tri_NCB","o":"RAV_Cross"},"ps":{"i":"RAV_Triple_NCB/images/DOTPS-855/EN.png","dn":"RAV, VPN by RAV, Online Security, Safer Web","u":"https://shield.reasonsecurity.com/rsStubActivator.exe","p":"-ip:\"dui={userid}&dit={sessionid}&is_silent=true&oc={of}&p={pubid}&a=100&b={ispb}&se=true\" -vp:\"dui={userid}&dit={sessionid}&oc={of}&p={pubid}&a=100&oip=26&ptl=7&dta=true\" -dp:\"dui={userid}&dit={sessionid}&oc={of}&p={pubid}&a=100\" -i -v -d -se=true","r":["ReasonVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonVPN","RAVVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\RAVVPN","ReasonLabs\\VPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-VPN","ReasonSaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonSaferWeb","SaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\SaferWeb","ReasonLabs\\DNS","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-DNS","ReasonUP","RAVAntivirus","Reason\\Reason Antivirus","ReasonLabs\\EPP","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-EPP","VMware, Inc."],"rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"cmdu":[{"utr":"HKEY_CLASSES_ROOT","utk":"ReasonPersistentStorage","utvn":"AvUninstallTime","utvt":"
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1437926052.0000000004FBB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Cheat Engine is a tool designed to help you with modifying single player games without internet connection so you can make them harder or easier depending on your preference."ctp":"","cep":""},"f":{"m":3,"x":"2025-02-27T22:24:28.570Z","a":"cdc2","d":"103"},"o":[{"ad":{"n":"","f":"ZB_RAV_Cross_Tri_NCB","o":"RAV_Cross"},"ps":{"i":"RAV_Triple_NCB/images/DOTPS-855/EN.png","dn":"RAV, VPN by RAV, Online Security, Safer Web","u":"https://shield.reasonsecurity.com/rsStubActivator.exe","p":"-ip:\"dui={userid}&dit={sessionid}&is_silent=true&oc={of}&p={pubid}&a=100&b={ispb}&se=true\" -vp:\"dui={userid}&dit={sessionid}&oc={of}&p={pubid}&a=100&oip=26&ptl=7&dta=true\" -dp:\"dui={userid}&dit={sessionid}&oc={of}&p={pubid}&a=100\" -i -v -d -se=true","r":["ReasonVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonVPN","RAVVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\RAVVPN","ReasonLabs\\VPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-VPN","ReasonSaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonSaferWeb","SaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\SaferWeb","ReasonLabs\\DNS","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-DNS","ReasonUP","RAVAntivirus","Reason\\Reason Antivirus","ReasonLabs\\EPP","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-EPP","VMware, Inc."],"rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Con
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2102220973.00000000008D6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.)
                                Source: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1786824367.00000000050A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WZSetup.exe61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efD
                                Source: prod0.exe, 00000006.00000002.3796968348.0000025F09873000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeAPI call chain: ExitProcess graph end nodegraph_9-3302
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpProcess information queried: ProcessInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_006393F2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_006393F2
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_005D5110 RegOpenKeyExW,RegQueryValueExW,SetLastError,RegCloseKey,RegCloseKey,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,LoadLibraryExW,GetLastError,7_2_005D5110
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_005C4C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,7_2_005C4C8E
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_00667BC0 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C7_2_00667BC0
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_00602B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,7_2_00602B30
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_0064E8FE mov eax, dword ptr fs:[00000030h]7_2_0064E8FE
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_00657C6A mov eax, dword ptr fs:[00000030h]7_2_00657C6A
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_00657CF2 mov eax, dword ptr fs:[00000030h]7_2_00657CF2
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_00657CAE mov eax, dword ptr fs:[00000030h]7_2_00657CAE
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_00657D23 mov eax, dword ptr fs:[00000030h]7_2_00657D23
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exeCode function: 33_2_007F9D02 mov eax, dword ptr fs:[00000030h]33_2_007F9D02
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exeCode function: 33_2_007F433F mov eax, dword ptr fs:[00000030h]33_2_007F433F
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_005C463F GetProcessHeap,7_2_005C463F
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exeProcess token adjusted: DebugJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeProcess token adjusted: Debug
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeProcess token adjusted: Debug
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess token adjusted: Debug
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_00639018 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00639018
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_006393F2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_006393F2
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_0063D453 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_0063D453
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_00639586 SetUnhandledExceptionFilter,7_2_00639586
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 14_2_00007FF6E2D6E3BC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00007FF6E2D6E3BC
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 14_2_00007FF6E2D62A10 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_00007FF6E2D62A10
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exeCode function: 18_2_00007FF7FCFDA23C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_00007FF7FCFDA23C
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exeCode function: 18_2_00007FF7FCFD42B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,18_2_00007FF7FCFD42B0
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exeCode function: 18_2_00007FF7FCFD41CC SetUnhandledExceptionFilter,18_2_00007FF7FCFD41CC
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exeCode function: 18_2_00007FF7FCFD4028 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_00007FF7FCFD4028
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exeCode function: 33_2_007ED11E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,33_2_007ED11E
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exeCode function: 33_2_007F2603 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,33_2_007F2603
                                Source: C:\Program Files\Cheat Engine 7.5\windowsrepair.exeCode function: 41_2_0040DEC0 SetUnhandledExceptionFilter,41_2_0040DEC0
                                Source: C:\Program Files\Cheat Engine 7.5\windowsrepair.exeCode function: 41_2_0040DED0 SetUnhandledExceptionFilter,41_2_0040DED0
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeCode function: 46_2_004117F0 SetUnhandledExceptionFilter,46_2_004117F0
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeCode function: 46_2_00411810 SetUnhandledExceptionFilter,46_2_00411810
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exeMemory allocated: page read and write | page guardJump to behavior

                                HIPS / PFW / Operating System Protection Evasion

                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeNtQueryInformationProcess: Indirect: 0x7FF8DED2C34D
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe "C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe" -ip:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&is_silent=true&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&b=&se=true" -vp:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&oip=26&ptl=7&dta=true" -dp:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100" -i -v -d -se=trueJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=USJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe "C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe" /S /tpchannelid=1571 /distid=App123Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exeProcess created: C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe "C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe" /silentJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeProcess created: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-OPSPB.tmp\_isetup\_setup64.tmp helper 105 0x84
                                Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop BadlionAntic
                                Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop BadlionAnticheat
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeProcess created: unknown unknown
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeProcess created: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe "C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"
                                Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess created: unknown unknown
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\f3ilhy3j.cmdline"
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8926.tmp" "c:\Users\user\AppData\Local\Temp\CSC8925.tmp"
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe "c:\users\user\appdata\local\temp\is-qlofe.tmp\prod0.exe" -ip:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&is_silent=true&oc=zb_rav_cross_tri_ncb&p=cdc2&a=100&b=&se=true" -vp:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&oc=zb_rav_cross_tri_ncb&p=cdc2&a=100&oip=26&ptl=7&dta=true" -dp:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&oc=zb_rav_cross_tri_ncb&p=cdc2&a=100" -i -v -d -se=true
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe "c:\users\user\appdata\local\temp\is-qlofe.tmp\prod0.exe" -ip:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&is_silent=true&oc=zb_rav_cross_tri_ncb&p=cdc2&a=100&b=&se=true" -vp:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&oc=zb_rav_cross_tri_ncb&p=cdc2&a=100&oip=26&ptl=7&dta=true" -dp:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&oc=zb_rav_cross_tri_ncb&p=cdc2&a=100" -i -v -d -se=trueJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-OPSPB.tmp\_isetup\_setup64.tmpCode function: 29_2_0000000140001000 GetNamedSecurityInfoW,AllocateAndInitializeSid,SetEntriesInAclW,SetNamedSecurityInfoW,LocalFree,FreeSid,LocalFree,GetLastError,29_2_0000000140001000
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_00639215 cpuid 7_2_00639215
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: GetLocaleInfoW,7_2_006545DA
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,7_2_0065C65F
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: EnumSystemLocalesW,7_2_0065C952
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: EnumSystemLocalesW,7_2_0065C907
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: EnumSystemLocalesW,7_2_0065C9ED
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,7_2_0065CA80
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: GetLocaleInfoW,7_2_0065CCE0
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,7_2_0065CE06
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: GetLocaleInfoW,7_2_0065CF0C
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,7_2_0065CFDB
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: GetLocaleInfoEx,7_2_00637E28
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: EnumSystemLocalesW,7_2_00653F6D
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: GetLocaleInfoEx,_invalid_parameter_noinfo_noreturn,14_2_00007FF6E2D2FC30
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,14_2_00007FF6E2D8CC00
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: EnumSystemLocalesW,14_2_00007FF6E2D8C514
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: EnumSystemLocalesW,14_2_00007FF6E2D7FCC0
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: GetLocaleInfoEx,_invalid_parameter_noinfo_noreturn,14_2_00007FF6E2D19C90
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,14_2_00007FF6E2D8CA1C
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,14_2_00007FF6E2D8C1B8
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: _invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,GetLocaleInfoEx,OutputDebugStringW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,14_2_00007FF6E2D189D0
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: GetLocaleInfoEx,14_2_00007FF6E2D61AEC
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: GetLocaleInfoW,14_2_00007FF6E2D80258
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: EnumSystemLocalesW,14_2_00007FF6E2D8C5E4
                                Source: C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exeCode function: GetLocaleInfoA,40_2_00417F50
                                Source: C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exeCode function: GetThreadLocale,GetLocaleInfoA,EnumCalendarInfoA,EnumCalendarInfoA,40_2_004180C0
                                Source: C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exeCode function: GetThreadLocale,GetLocaleInfoA,EnumCalendarInfoA,EnumCalendarInfoA,40_2_004180BF
                                Source: C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exeCode function: GetLocaleInfoW,GetLocaleInfoW,40_2_00417E9F
                                Source: C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exeCode function: GetLocaleInfoW,GetLocaleInfoW,40_2_00417EB0
                                Source: C:\Program Files\Cheat Engine 7.5\windowsrepair.exeCode function: GetLocaleInfoA,41_2_0041F060
                                Source: C:\Program Files\Cheat Engine 7.5\windowsrepair.exeCode function: GetLocaleInfoA,41_2_0041F0C0
                                Source: C:\Program Files\Cheat Engine 7.5\windowsrepair.exeCode function: GetThreadLocale,GetLocaleInfoA,EnumCalendarInfoA,EnumCalendarInfoA,41_2_0041F230
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeCode function: GetLocaleInfoA,46_2_0042C210
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeCode function: GetLocaleInfoA,46_2_0042C270
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeCode function: GetThreadLocale,GetLocaleInfoA,EnumCalendarInfoA,EnumCalendarInfoA,46_2_0042C660
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeCode function: GetLocaleInfoW,46_2_0041F730
                                Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeCode function: GetLocaleInfoW,46_2_0041F7A0
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\logo.png VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\RAV_Cross.png VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\WebAdvisor.png VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\WeatherZero.png VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\finish.png VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsStubLib.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsLogger.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsJSON.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsAtom.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\Microsoft.Win32.TaskScheduler.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmpQueries volume information: C:\ VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exe VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsStubLib.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsLogger.dll VolumeInformation
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformation
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformation
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll VolumeInformation
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll VolumeInformation
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll VolumeInformation
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll VolumeInformation
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll VolumeInformation
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll VolumeInformation
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exeQueries volume information: C:\Program Files (x86)\WeatherZero\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exeQueries volume information: C:\Program Files (x86)\WeatherZero\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeCode function: 7_2_00654619 GetSystemTimeAsFileTime,7_2_00654619
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 14_2_00007FF6E2D86850 _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,14_2_00007FF6E2D86850
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exeCode function: 9_2_004033B3 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,9_2_004033B3
                                Source: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 BlobJump to behavior

                                Stealing of Sensitive Information

Source: Yara match | File source: 21.3.Stub.exe.2ea1058.3.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.3.w0jpn3s4.exe.2e89f48.3.unpack, type: UNPACKEDPE
Source: Yara match | File source: 12.2.UnifiedStub-installer.exe.171ee760000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 12.2.UnifiedStub-installer.exe.171ee650000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 45.2.UnifiedStub-installer.exe.27d70270000.2.unpack, type: UNPACKEDPE
Source: Yara match | File source: 21.3.Stub.exe.2e79f48.8.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.3.w0jpn3s4.exe.2eb1058.9.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.3.w0jpn3s4.exe.2e89f48.3.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 21.3.Stub.exe.2ea1058.3.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 21.3.Stub.exe.2e24ca4.7.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.3.w0jpn3s4.exe.2e34ca4.7.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.3.w0jpn3s4.exe.2eb1058.9.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 21.3.Stub.exe.2e00000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 21.3.Stub.exe.2e79f48.8.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.3.w0jpn3s4.exe.2e10000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0000002D.00000002.2145532575.0000027D000AD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000002D.00000002.2266490083.0000027D70272000.00000002.00000001.01000000.00000032.sdmp, type: MEMORY
Source: Yara match | File source: 0000000C.00000002.3880673463.00000171EE652000.00000002.00000001.01000000.00000035.sdmp, type: MEMORY
Source: Yara match | File source: 0000000C.00000002.3881479946.00000171EE762000.00000002.00000001.01000000.00000036.sdmp, type: MEMORY
Source: Yara match | File source: 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsAtom.dll, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsLogger.dll, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsJSON.dll, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsJSON.dll, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsDatabase.dll, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsTime.dll, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsLogger.dll, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsDatabase.dll, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsAtom.dll, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsTime.dll, type: DROPPED
Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe | File opened: C:\Users\user\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences

                                Remote Access Functionality

Source: Yara match | File source: 21.3.Stub.exe.2ea1058.3.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.3.w0jpn3s4.exe.2e89f48.3.unpack, type: UNPACKEDPE
Source: Yara match | File source: 12.2.UnifiedStub-installer.exe.171ee760000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 12.2.UnifiedStub-installer.exe.171ee650000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 45.2.UnifiedStub-installer.exe.27d70270000.2.unpack, type: UNPACKEDPE
Source: Yara match | File source: 21.3.Stub.exe.2e79f48.8.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.3.w0jpn3s4.exe.2eb1058.9.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.3.w0jpn3s4.exe.2e89f48.3.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 21.3.Stub.exe.2ea1058.3.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 21.3.Stub.exe.2e24ca4.7.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.3.w0jpn3s4.exe.2e34ca4.7.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.3.w0jpn3s4.exe.2eb1058.9.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 21.3.Stub.exe.2e00000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 21.3.Stub.exe.2e79f48.8.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.3.w0jpn3s4.exe.2e10000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0000002D.00000002.2145532575.0000027D000AD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000002D.00000002.2266490083.0000027D70272000.00000002.00000001.01000000.00000032.sdmp, type: MEMORY
Source: Yara match | File source: 0000000C.00000002.3880673463.00000171EE652000.00000002.00000001.01000000.00000035.sdmp, type: MEMORY
Source: Yara match | File source: 0000000C.00000002.3881479946.00000171EE762000.00000002.00000001.01000000.00000036.sdmp, type: MEMORY
Source: Yara match | File source: 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsAtom.dll, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsLogger.dll, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsJSON.dll, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsJSON.dll, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsDatabase.dll, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsTime.dll, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsLogger.dll, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsDatabase.dll, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsAtom.dll, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsTime.dll, type: DROPPED

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
1 Software | Acquire Infrastructure | 1 Valid Accounts | 1 Windows Management Instrumentation | 1 LSASS Driver | 1 Abuse Elevation Control Mechanism | 21 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | 121 Native API | 1 DLL Side-Loading | 1 LSASS Driver | 11 Deobfuscate/Decode Files or Information | 11 Input Capture | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 12 Command and Scripting Interpreter | 1 Valid Accounts | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | Security Account Manager | 167 System Information Discovery | SMB/Windows Admin Shares | 11 Input Capture | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | 11 Scheduled Task/Job | 26 Windows Service | 1 Valid Accounts | 2 Obfuscated Files or Information | NTDS | 1 Query Registry | Distributed Component Object Model | 1 Clipboard Data | 14 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | 23 Service Execution | 11 Scheduled Task/Job | 11 Access Token Manipulation | 1 Software Packing | LSA Secrets | 61 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | 1 Registry Run Keys / Startup Folder | 26 Windows Service | 1 Timestomp | Cached Domain Credentials | 151 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | 1 Services File Permissions Weakness | 11 Process Injection | 1 DLL Side-Loading | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | 11 Scheduled Task/Job | 3 Masquerading | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | 1 Registry Run Keys / Startup Folder | 1 Valid Accounts | /etc/passwd and /etc/shadow | 2 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | 1 Services File Permissions Weakness | 1 Modify Registry | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 151 Virtualization/Sandbox Evasion | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 11 Access Token Manipulation | Keylogging | Process Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking
Determine Physical Locations | Virtual Private Server | Compromise Hardware Supply Chain | Unix Shell | Systemd Timers | Systemd Timers | 11 Process Injection | GUI Input Capture | Permission Groups Discovery | Replication Through Removable Media | Email Collection | Proxy | Exfiltration over USB | Network Denial of Service
Business Relationships | Server | Trusted Relationship | Visual Basic | Container Orchestration Job | Container Orchestration Job | 1 Hidden Files and Directories | Web Portal Capture | Local Groups | Component Object Model and Distributed COM | Local Email Collection | Internal Proxy | Commonly Used Port | Direct Network Flood
Identify Business Tempo | Botnet | Hardware Additions | Python | Hypervisor | Process Injection | 1 Services File Permissions Weakness | Credential API Hooking | Domain Groups | Exploitation of Remote Services | Remote Email Collection | External Proxy | Transfer Data to Cloud Account | Reflection Amplification

[Behavior graph: ID: 1483536, Sample: SecuriteInfo.com.Trojan.Ins..., Startdate: 28/07/2024, Architecture: WINDOWS, Score: 48]

Source | Detection | Scanner | Label | Link
SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe | 47% | ReversingLabs | Win32.PUA.CheatEngine
SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe | 100% | Avira | PUA/OfferCore.Gen

Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\WeatherZero\Newtonsoft.Json.dll | 0% | ReversingLabs
C:\Program Files (x86)\WeatherZero\WeatherZero.exe | 0% | ReversingLabs
C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe | 3% | ReversingLabs
C:\Program Files (x86)\WeatherZero\uninstall.exe | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\CSCompiler.dll (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\DotNetDataCollector32.exe (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\DotNetDataCollector64.exe (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\Tutorial-x86_64.exe (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\allochook-i386.dll (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\allochook-x86_64.dll (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\autorun\dlls\32\CEJVMTI.dll (copy) | 3% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\autorun\dlls\32\is-SMGBV.tmp | 3% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\autorun\dlls\64\CEJVMTI.dll (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\autorun\dlls\64\is-92NR9.tmp | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\autorun\dlls\DotNetInterface.dll (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\autorun\dlls\MonoDataCollector32.dll (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\autorun\dlls\MonoDataCollector64.dll (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-3062O.tmp | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-BO9E3.tmp | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-ROMDO.tmp | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\ced3d10hook.dll (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\ced3d10hook64.dll (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\ced3d11hook.dll (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\ced3d11hook64.dll (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\ced3d9hook.dll (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\ced3d9hook64.dll (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\ceregreset.exe (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\cheatengine-i386.exe (copy) | 8% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\clibs32\is-6GF3S.tmp | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\clibs32\lfs.dll (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\clibs64\is-J9VJQ.tmp | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\clibs64\lfs.dll (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\d3dhook.dll (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\d3dhook64.dll (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\gtutorial-i386.exe (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\gtutorial-x86_64.exe (copy) | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\is-3AK3C.tmp | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\is-3V98M.tmp | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\is-445MR.tmp | 0% | ReversingLabs
C:\Program Files\Cheat Engine 7.5\is-456E6.tmp | 0% | ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-4JSIG.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-4KUD7.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-4VH0C.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-5MOKN.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-62AE0.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-653CG.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-66DVM.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-7NKA8.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-8ER3T.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-97V42.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-BM6Q5.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-C340L.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-CJGUK.tmp8%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-CVIA4.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-DL6J6.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-FA58B.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-FHHS8.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-HVM8R.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-I3P27.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-IEG10.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-IFLQ7.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-ISRU8.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-J4O9Q.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-JATIQ.tmp3%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-K6NOS.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-LONV1.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-LPRC0.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-NGAGF.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-NGHF2.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-NR6FA.tmp0%ReversingLabs
                                C:\Program Files\Cheat Engine 7.5\is-P76J3.tmp0%ReversingLabs
                                No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                    https://webcompanion.com/terms3e888c3d3327e9b930d88959235e161efa7ecf6d460FF/DOTPS-554/WcInstaller.ziSecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1477554587.0000000004FBC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      https://www.mcafee.com/consumer/en-us/policy/legal.htmlmages/pSecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2052933684.000000000087D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2102220973.000000000087B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        http://ocsp.sectigo.com0SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1997514630.0000000006BB7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1786984293.000000000B71E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          https://update-beta.reasonsecurity.com/v2/livew0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000000C.00000000.1805305245.00000171EC042000.00000002.00000001.01000000.00000017.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                            https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml/saBSI.exe, 00000007.00000003.1848881136.0000000003356000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316353934.0000000003356000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              http://defaultcontainer/Weather.Zero;component/Fonts/UltLt/XWeatherZero.exe, 00000030.00000002.3806020572.00000000033F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                https://d3cored83b0wp2.cloudfront.net/f/WeatherZero/files/969/WZSetup.zipFF/DOTPS-554/WcInstaller.ziSecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1516870226.0000000004FBC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  https://system.data.sqlite.org/Xw0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1997514630.0000000006BB7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1786984293.000000000B71E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      https://update.reasonsecurity.com/v2/live:rsSyncSvc.exe, 0000000E.00000002.1829400592.000001D09B9BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        https://www.premieropinion.com/common/termsofservice-v1~)/kSecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2052933684.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2102220973.00000000008B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          https://reasonlabs.com/policiesSecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2113782558.0000000005024000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            https://update-beta.reasonsecurity.com/v2/updatew0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000000C.00000000.1805305245.00000171EC042000.00000002.00000001.01000000.00000017.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              https://sadownload.mcafee.com/saBSI.exe, 00000007.00000003.1800056272.0000000003301000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1811110324.00000000032F1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1813652876.00000000032BB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1799821675.00000000032F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                https://www.avast.com/privacylSecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2052933684.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2102220973.00000000008E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  https://www.premieropinion.com/privacy-policy5SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2075355191.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2026670671.0000000005052000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    http://d14mh4uvqj4iiz.cloudfront.netprod0.exe, 00000006.00000002.3803291905.0000025F0B534000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xmlsaBSI.exe, 00000007.00000003.2316479568.00000000032EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml/saBSI.exe, 00000007.00000003.1848881136.0000000003356000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316153316.00000000056BE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1954864080.00000000056BE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2315784248.00000000056BE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1943924009.00000000056BE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316353934.0000000003356000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          https://sadownload.mcafee.com/products/sasaBSI.exe, 00000007.00000002.2330985344.000000000327E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            https://analytics.apis.mcafee.com/ZsaBSI.exe, 00000007.00000003.1789155539.00000000032BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              https://www.reasonsecurity.com/w0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000000C.00000002.3798654069.000001718002C000.00000004.00000800.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000000C.00000000.1805305245.00000171EC042000.00000002.00000001.01000000.00000017.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1997514630.0000000006BB7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1786984293.000000000B71E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  https://www.avast.com/eulaSecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2112651098.0000000004FC6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1768392286.0000000004FC6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2102220973.0000000000902000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2076694494.0000000004FC6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    https://update.reasonsecurity.com/v2/live-dt:10rsSyncSvc.exe, 0000000E.00000002.1829400592.000001D09B9AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xmlsaBSI.exe, 00000007.00000003.1853961903.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1846283210.00000000032E8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.1811110324.00000000032EA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000007.00000003.2316479568.00000000032EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        http://docs.oasis-open.org/ns/office/1.2/meta/pkg#CheatEngine75.tmp, 0000000D.00000003.1951553648.00000000050D0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          https://d3cored83b0wp2.cloudfront.net:443/zbd9C73F5E5-7AE7-4E32-A8E8-8D23B85255BFSecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2052933684.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2102220973.00000000008D6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            https://shield.reasonsecurity.com/7ReasonLabs-Setup-Wizard.exeprod0.exe, 00000006.00000000.1745066555.0000025F09762000.00000002.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                                                                                                                              https://update.reasonsecurity.com/v2/livelivee~irsSyncSvc.exe, 00000010.00000002.3791322825.000001E7AB4B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                http://creativecommons.org/ns#CheatEngine75.tmp, 0000000D.00000003.1951553648.00000000050D0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                  http://www.dk-soft.org/SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe, 00000000.00000003.2118870113.00000000021C8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe, 00000000.00000003.1331149795.0000000002520000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1339916380.00000000035A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2085169749.00000000076C6000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                    https://www.360totalsecurity.com/en/license/SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2052933684.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2102220973.00000000008A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                      http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0ySecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1997514630.0000000006BB7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.1786984293.000000000B71E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                        https://shield.reasonsecurity.com/rsStubActivator.exe9235e161efa7ecf6d460SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2026670671.0000000005052000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                          https://logziop.reasonsecurity.comUnifiedStub-installer.exe, 0000002D.00000002.2263241058.0000027D6EA72000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                                                                                                                                            https://reasonlabs.com/policiesrivacy-policyisor/files/1489/saBSI.zip.pngSecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2052933684.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2102220973.0000000000902000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                              https://www.premieropinion.com/privacy-policyISecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2075355191.000000000506D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2026670671.0000000005052000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                https://reasonlabs.com/contact-us?prod=2&utm_source=vpn_uninstall&utm_medium=home_contact_support&ruw0jpn3s4.exe, 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, UnifiedStub-installer.exe, 0000000C.00000000.1805305245.00000171EC042000.00000002.00000001.01000000.00000017.sdmp, Stub.exe, 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                  https://www.premieropinion.com/privacy-policyGSecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000003.2052933684.00000000008A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp, 00000002.00000002.2102220973.00000000008A6000.00000004.00000020.00020000.00000000.sdmpfalse
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 52.204.15.254 | atom-production-collector-cyber-224812358.us-east-1.elb.amazonaws.com | United States | 14618 | AMAZON-AESUS | false |
| 18.173.206.112 | d3cored83b0wp2.cloudfront.net | United States | 3 | MIT-GATEWAYSUS | false |
| 18.173.206.96 | unknown | United States | 3 | MIT-GATEWAYSUS | false |
| 208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | false |
| 18.239.36.94 | d14mh4uvqj4iiz.cloudfront.net | United States | 16509 | AMAZON-02US | false |
| 52.37.69.68 | mosaic-orio.apis.mcafee.com | United States | 16509 | AMAZON-02US | false |
| 188.114.96.3 | localweatherfree.com | European Union | 13335 | CLOUDFLARENETUS | false |
| 172.67.35.220 | cheatengine.org | United States | 13335 | CLOUDFLARENETUS | false |
| 146.185.152.21 | eu.api.openweathermap.org | Netherlands | 14061 | DIGITALOCEAN-ASNUS | false |
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1483536
Start date and time: 2024-07-28 00:23:27 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 15m 33s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 56
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe
Detection: MAL
Classification: mal48.troj.spyw.expl.evad.winEXE@77/754@15/9
                                                                                                                                                                                                                                                                    EGA Information:
                                                                                                                                                                                                                                                                    • Successful, ratio: 85.7%
                                                                                                                                                                                                                                                                    HCA Information:
                                                                                                                                                                                                                                                                    • Successful, ratio: 67%
                                                                                                                                                                                                                                                                    • Number of executed functions: 135
                                                                                                                                                                                                                                                                    • Number of non-executed functions: 202
                                                                                                                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                                                                                                                                                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                                                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, dllhost.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 2.19.126.156, 2.19.126.150, 104.18.20.226, 104.18.21.226, 199.232.210.172
                                                                                                                                                                                                                                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, cdn.globalsigncdn.com.cdn.cloudflare.net, ctldl.windowsupdate.com.delivery.microsoft.com, a866.dscd.akamai.net, ctldl.windowsupdate.com, secure.globalsign.com, fe3cr.delivery.mp.microsoft.com, global.prd.cdn.globalsign.com, home.mcafee.com, ocsp.digicert.com, sadownload.mcafee.com.edgesuite.net, wu-b-net.trafficmanager.net
                                                                                                                                                                                                                                                                    • Execution Graph export aborted for target Stub.exe, PID 7480 because there are no executed function
                                                                                                                                                                                                                                                                    • Execution Graph export aborted for target UnifiedStub-installer.exe, PID 6392 because it is empty
                                                                                                                                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtEnumerateValueKey calls found.
                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                                                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                                    • VT rate limit hit for: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe
Time      Type             Description
18:24:27  API Interceptor  13x Sleep call for process: SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp modified
18:25:03  API Interceptor  212414x Sleep call for process: prod0.exe modified
18:25:09  API Interceptor  70135x Sleep call for process: UnifiedStub-installer.exe modified
18:25:43  API Interceptor  9606x Sleep call for process: WeatherZero.exe modified
18:25:44  API Interceptor  150879x Sleep call for process: cheatengine-x86_64-SSE4-AVX2.exe modified
18:26:04  API Interceptor  805x Sleep call for process: WeatherZeroService.exe modified
23:25:11  Task Scheduler   Run new task: EPPHealthCheck path: C:\Program Files\ReasonLabs\EPP\Uninstall.exe s>/auto-repair=UnifiedStub
Match  Associated Sample Name / URL  SHA 256  Detection  Threat Name  Link  Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                        • 54.86.30.85
                                                                                                                                                                                                                                                                        http://www.linktr.ee/debank.notificationGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 3.233.158.24
                                                                                                                                                                                                                                                                        https://riprogramma.consegna.52-47-206-73.cprapid.com/brt/payment.phpGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 54.82.5.64
                                                                                                                                                                                                                                                                        Hollandco Company Guidelines Employee Handbook___fdp.docxGet hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                                                                                                                                                                                                                                                        • 44.207.203.25
                                                                                                                                                                                                                                                                        https://b8le2c5j.r.us-east-2.awstrack.me/L0/https:%2F%2Fslivtovara.ru%2Fbitrix%2Fredirect.php%3Fevent1=click_to_call%26event2=%26event3=%26goto=https:%2F%2F7qrw.wanianten.com%2FGhGNAL8%2F%23Pamy@derick.com/1/010f0190ec251e7b-a039cc69-e4b5-46b3-9c67-bbe921a600f9-000000/LLZuw2OBV0eOHt3bnXuAzTOkJoc=169Get hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                                                                                                                                                                                                                                                        • 44.207.203.25
                                                                                                                                                                                                                                                                        https://new-sneww-online-nowz-all.azurewebsites.net/?referrer=appmetrica_tracking_id%3D173005530304969909%26ym_tracking_id%3D10094745761516744100Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 54.209.16.49
                                                                                                                                                                                                                                                                        https://123formbuilder.info/wj412l/#9ryano@vib.techGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                        • 52.21.33.16
                                                                                                                                                                                                                                                                        MIT-GATEWAYSUShttp://oveman-austral.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 18.173.205.104
                                                                                                                                                                                                                                                                        http://capitalhillblue.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 18.172.112.71
                                                                                                                                                                                                                                                                        https://bnpparibasfortis.centralapp.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 18.165.183.97
                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 18.65.39.85
                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 18.66.196.17
                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 18.66.196.92
                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 18.65.39.4
                                                                                                                                                                                                                                                                        205.185.120.123-skid.arm-2024-07-27T10_33_40.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                        • 128.52.65.14
                                                                                                                                                                                                                                                                        205.185.120.123-skid.arm7-2024-07-27T10_33_43.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                        • 19.56.223.200
                                                                                                                                                                                                                                                                        https://f522my.fi79.fdske.com/ec/gAAAAABmpB7T0a5uPS5ojzr4t_T3OUm-FdnelJXDBC1VoV6m2V3L_fPLJYD_I4iovDAQynFwUxenvGcRNh2X00urBe5-4u-rT9GnyUh1X4xs-bp1jFgbdnQWjG990ZIV-3jiRSF6xm2yQVII0IUZNMTwe6xA7L7bXWw_begThms8P6liFgUdG6VQSYwrbqAxhU2UEyqaypup8CoqX1XTXX22SapdlozSl3U2FuKV8U9lz4_YoWYvXaj9erwugsbbIzwuyoMgDRxdh9iJQFak65dYgkq2tGXY1LV-S0k2sDgZf7wEDr63jmpMQO3SzqMfQA3mGK6zccUXpwE0i3r8hj5z4np9jw5lE8Wcp6N7QIvI_qpBMTJqfmuaZZdQ5LOQYKgqx2tl9eUzVwZBUsvbcRUHD4gPhSo47eQGLiImSy0uueaOd9GD5v-xXSggcJV4oiu3m7MRPADdbsVfsrtFilW1dPy_5ezRxo0JN8be1WWGWOeTVzt3fK4=Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 18.164.52.82
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                        7XU2cRFInT.exeGet hashmaliciousRemcos, DBatLoaderBrowse
                                                                                                                                                                                                                                                                        • 18.173.206.112
                                                                                                                                                                                                                                                                        • 18.239.36.94
                                                                                                                                                                                                                                                                        • 52.37.69.68
                                                                                                                                                                                                                                                                        • 18.173.206.96
                                                                                                                                                                                                                                                                        Setup.exeGet hashmaliciousLummaC, Go Injector, LummaC StealerBrowse
                                                                                                                                                                                                                                                                        • 18.173.206.112
                                                                                                                                                                                                                                                                        • 18.239.36.94
                                                                                                                                                                                                                                                                        • 52.37.69.68
                                                                                                                                                                                                                                                                        • 18.173.206.96
                                                                                                                                                                                                                                                                        SvpnLong2.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 18.173.206.112
                                                                                                                                                                                                                                                                        • 18.239.36.94
                                                                                                                                                                                                                                                                        • 52.37.69.68
                                                                                                                                                                                                                                                                        • 18.173.206.96
                                                                                                                                                                                                                                                                        SvpnLong2.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 18.173.206.112
                                                                                                                                                                                                                                                                        • 18.239.36.94
                                                                                                                                                                                                                                                                        • 52.37.69.68
                                                                                                                                                                                                                                                                        • 18.173.206.96
                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousLummaC, Go Injector, LummaC Stealer, SmokeLoaderBrowse
                                                                                                                                                                                                                                                                        • 18.173.206.112
                                                                                                                                                                                                                                                                        • 18.239.36.94
                                                                                                                                                                                                                                                                        • 52.37.69.68
                                                                                                                                                                                                                                                                        • 18.173.206.96
                                                                                                                                                                                                                                                                        rwsNDpQSKZ.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 18.173.206.112
                                                                                                                                                                                                                                                                        • 18.239.36.94
                                                                                                                                                                                                                                                                        • 52.37.69.68
                                                                                                                                                                                                                                                                        • 18.173.206.96
                                                                                                                                                                                                                                                                        37f463bf4616ecd445d4a1937da06e19777.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                                        • 172.67.35.220
                                                                                                                                                                                                                                                                        • 188.114.96.3
                                                                                                                                                                                                                                                                        AacAmbientLighting.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 172.67.35.220
                                                                                                                                                                                                                                                                        • 188.114.96.3
                                                                                                                                                                                                                                                                        SecuriteInfo.com.Trojan.Siggen19.37568.5083.12845.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 172.67.35.220
                                                                                                                                                                                                                                                                        • 188.114.96.3
                                                                                                                                                                                                                                                                        SecuriteInfo.com.Win32.TrojanX-gen.29632.18649.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 172.67.35.220
                                                                                                                                                                                                                                                                        • 188.114.96.3
                                                                                                                                                                                                                                                                        AacAmbientLighting.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 172.67.35.220
                                                                                                                                                                                                                                                                        • 188.114.96.3
                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousPython Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                        • 172.67.35.220
                                                                                                                                                                                                                                                                        • 188.114.96.3
                                                                                                                                                                                                                                                                        d34e1p5zD2.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 172.67.35.220
                                                                                                                                                                                                                                                                        • 188.114.96.3
                                                                                                                                                                                                                                                                        Mu7iyblZk8.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 172.67.35.220
                                                                                                                                                                                                                                                                        • 188.114.96.3
                                                                                                                                                                                                                                                                        Ycj3d5NMhc.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 172.67.35.220
                                                                                                                                                                                                                                                                        • 188.114.96.3
                                                                                                                                                                                                                                                                        R86BRY7DdC.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                                                                                                        • 172.67.35.220
                                                                                                                                                                                                                                                                        • 188.114.96.3
                                                                                                                                                                                                                                                                        No context
Process:C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):447488
Entropy (8bit):6.049704714571602
Encrypted:false
SSDEEP:12288:Pf2wvmWyF2kVbFNCK9FGFMSvmEzBIyDInI:19yFpbfcFBIyDInI
MD5:E346FCECD037F0BE2777231949977587
SHA1:50E571B3AEA31DB3DF2610A1CA4DFC94612A2CC4
SHA-256:EFD8CF9A3BC2AB4E15FA33D42771E18D78539759CBF30652DF4C43E6825CE5F0
SHA-512:FFC183626899D1AD1806786BC95C4809AAB3947C78FBFDB38A01D312F2F679DC7DC82F8389074CBCC470D055982CFC370D482FF4D0B3B91532CA409B1FCA32A9
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe
File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):2876688
Entropy (8bit):7.928270982940127
Encrypted:false
SSDEEP:49152:g6+PPRw4iT/VLUBIGR6KmgG5sMU+Fojk7DcPfKZOHUULruOdHqDOAfCFkw:6nq44Az8gB22jkXufKs0ULruMHcOAfCp
MD5:7DC1C6AB3BF2DD1C825914F7F6F31B45
SHA1:50DA5DF89A759DD1D6F123B98B8AA35298699B3B
SHA-256:9B92A8F962D7F8FFC9A06BAFECAFF854D88999107641229B17B68D5532E6E17C
SHA-512:695FFAC94223F5419229D84C5E46BACA22C9AC5C57E27B87CDE347A80F343926A529F9EA008390053F7306E8140D421FCBE7789D636B2E489C089F0CB7B7F752
Malicious:true
Yara Hits:
• Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exe, Author: Joe Security
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):200
                                                                                                                                                                                                                                                                        Entropy (8bit):4.747046586710027
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:TMVBd1IGMfVKNS7VNQAofS7V2bofJuAW4QIm:TMHdGGsVOAzofLSJ93xm
                                                                                                                                                                                                                                                                        MD5:3F15E291A768459274F9B10338692974
                                                                                                                                                                                                                                                                        SHA1:F1BFC8F7525487B18E05B99C40249C7873C75E4F
                                                                                                                                                                                                                                                                        SHA-256:4C246E60C38399126CA36408BDA7E63BF43B9ECB18F9DAA6E224D36633DC0B69
                                                                                                                                                                                                                                                                        SHA-512:0CDA1129BD34EB72E4927782C3D9BDF3BE7B5E2FE92279E73DE068FC7E4BF4035323AEBB9578CDE8F7630248B47CC67A5EF64AF7B144621CAB10E86010BCF85B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v2.0.50727"/>.. <supportedRuntime version="v4.0"/>.. </startup>..</configuration>..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3385616
                                                                                                                                                                                                                                                                        Entropy (8bit):7.769464020201907
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:98304:EuOjRHrd1zBPC474Iz8pEeVJmUXyevkUL38/cSUJ9yElx7W91a8G8C:91VzF38/LUJ9yE37KGH
                                                                                                                                                                                                                                                                        MD5:2B149BA4C21C66D34F19214D5A8D3067
                                                                                                                                                                                                                                                                        SHA1:8E02148B86E4B0999E090667EF9B926A19B5CA7D
                                                                                                                                                                                                                                                                        SHA-256:95F0E021C978DDD88E2218A7467579255A5AE9552AF2508C4243A4ADEC52D2B8
                                                                                                                                                                                                                                                                        SHA-512:C626F89BC01FDB659F4EE2CF86BA978F04E4BF0DEC2624170C83C21D5AD29E20335566B1F7545D9BADC4E47CA2EA90535C4CB08B4AFA3457B72A5801053706D8
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):320035
                                                                                                                                                                                                                                                                        Entropy (8bit):7.891495118554517
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:V1ssjvm3L1cBg+0FaZLqKxIyCMVr8ozzirUi:gsoL1c++0FCGKTCkpm
                                                                                                                                                                                                                                                                        MD5:44C6F7F2084D37AAD08C078A43F2E7BC
                                                                                                                                                                                                                                                                        SHA1:FBD6EB7B7BCADD6257CCB30FDC5344B895AFB5BA
                                                                                                                                                                                                                                                                        SHA-256:010D36593138E29B90EE5D344BA720369B9D21C20FDBDA93FC5A6C2AA1E46FA3
                                                                                                                                                                                                                                                                        SHA-512:A8806E66405B9AE160CB2F41332506659FAE3594CE6906B6B53153F4BC884A4ADA99532828F075E68C0886F9C4AF2A99879B7C4BDA8FC6CBC8FA519DE253B741
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe
                                                                                                                                                                                                                                                                        File Type:MS Windows icon resource - 11 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):146222
                                                                                                                                                                                                                                                                        Entropy (8bit):6.2734588250494
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:I0GLQ/1t912mCTFpbEoAu6QRG38ulhJ/eSk91MjXYqMFgK1s2BylAvKirweQpeUB:IFE5Nli9Ux2K
                                                                                                                                                                                                                                                                        MD5:D1DE53F6C0818C7137207D5B6A95158F
                                                                                                                                                                                                                                                                        SHA1:64FEFD3B51375198E52D932E193AB3BC0790A60D
                                                                                                                                                                                                                                                                        SHA-256:6F8107DB61996754E700964B2716E055914D2ADF475BE8FDA12234B5B98DC4E4
                                                                                                                                                                                                                                                                        SHA-512:2F4A2E586A133173540768081A4CA681001CBF5E37B5F55140CF26F919898F0B4D2F83366B38E81E14DEAE6084A32F2E08B7165F7908D272358730B1B681EDD4
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):33688
                                                                                                                                                                                                                                                                        Entropy (8bit):7.20956664617613
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:zVYdpNkp9TvDXy2XmVEV3GPkjVvDXy2ulqwVEV3GPkjL:zVY1+nCDOEECDbOEw
                                                                                                                                                                                                                                                                        MD5:4ACE42D6530AF699FEB2372F805A6A40
                                                                                                                                                                                                                                                                        SHA1:FB8C7352808F104E851468F25D0DD14A25B8CFCA
                                                                                                                                                                                                                                                                        SHA-256:13DCE393B59B9EF4A5D4FCDC27267D018B350BDC44A62AACC5DBC7F1DF7F7A1C
                                                                                                                                                                                                                                                                        SHA-512:8BB770F304CD8BA23FB2A64370D74AC3FDC134235FF39802983B9BABDE12AB00E49A746F3C2113520F0E135CDFD1473C0B4B64272279D13E576912126AA556D2
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):399264
                                                                                                                                                                                                                                                                        Entropy (8bit):6.025523802176381
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:G0N02KsbnIU70vYrRHAjC0Y0glwgugEnoSE5jq:U2tIUYArRv0Y0glwgugEnoSE5jq
                                                                                                                                                                                                                                                                        MD5:F921416197C2AE407D53BA5712C3930A
                                                                                                                                                                                                                                                                        SHA1:6A7DAA7372E93C48758B9752C8A5A673B525632B
                                                                                                                                                                                                                                                                        SHA-256:E31B233DDF070798CC0381CC6285F6F79EA0C17B99737F7547618DCFD36CDC0E
                                                                                                                                                                                                                                                                        SHA-512:0139EFB76C2107D0497BE9910836D7C19329E4399AA8D46BBE17AE63D56AB73004C51B650CE38D79681C22C2D1B77078A7D7185431882BAF3E7BEF473AC95DCE
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:MS Windows HtmlHelp Data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):306758
                                                                                                                                                                                                                                                                        Entropy (8bit):7.936079952495831
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):183200
                                                                                                                                                                                                                                                                        Entropy (8bit):6.842191242335636
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):210336
                                                                                                                                                                                                                                                                        Entropy (8bit):6.575377720318411
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):242616
                                                                                                                                                                                                                                                                        Entropy (8bit):6.432754517349666
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1112834
                                                                                                                                                                                                                                                                        Entropy (8bit):7.995534990823338
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3403192
                                                                                                                                                                                                                                                                        Entropy (8bit):6.035185815441339
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):336600
                                                                                                                                                                                                                                                                        Entropy (8bit):6.344264969706984
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):479536
                                                                                                                                                                                                                                                                        Entropy (8bit):5.994666279988566
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):8088
                                                                                                                                                                                                                                                                        Entropy (8bit):5.172167677485522
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--[[..You have a d:\bla.dll with namespace ClassLibraryX, with a class named "MyClass"..That class contains a function defined as:..public static int MyInitFunctionName(string parameters)....then you do: injectDotNetDLL('d:\\bla.dll','ClassLibraryX.MyClass','MyInitFunctionName','Something')....--]]....local DotNetCoreInjectScript=[[..[enable]..alloc(injectdotnetdll, 2048)..alloc(IID_ICLRRuntimeHost4,16)..alloc(RuntimeHost,8)....alloc(paramstr,256)..alloc(methodname,256)..alloc(classname,256)..alloc(dllpath,512)....alloc(returnvalue,4)..alloc(errorvalue,4)..label(error)....dllpath:..dw '%s',0....classname:..dw '%s',0....methodname:..dw '%s',0....paramstr:..dw '%s',0......IID_ICLRRuntimeHost4:..db 66 d3 f6 64 c2 d7 1f 4f b4 b2 e8 16 0c ac 43 af....injectdotnetdll:..[64-bit]..sub rsp,6*8+8..mov rcx,IID_ICLRRuntimeHost4..mov rdx,RuntimeHost..[/64-bit]....[32-bit]..push RuntimeHost..push IID_ICLRRuntimeHost4..[/32-bit]....call GetCLRRuntimeHost..cmp eax,0..jne error....[64-bit]..mov rcx,[Ru
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):20837
                                                                                                                                                                                                                                                                        Entropy (8bit):4.996731854830045
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview: ..--same as monodatacollector but for .net and .netcore..--can theoretically be used on mono as well....if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'dotnetforceddatacollector.po')..end......local pathsep..local libfolder....if getOperatingSystem()==0 then.. pathsep=[[\]].. libfolder='dlls'..else.. pathsep='/'.. libfolder='dylibs'..end....dotnet_timeout=3000....DOTNETCMD_TEST=0..DOTNETCMD_INITMODULELIST=1..DOTNETCMD_GETMETHODENTRYPOINT=2..DOTNETCMD_GETFIELDTYPENAME=3..DOTNETCMD_GETFIELDVALUE=4..DOTNETCMD_SETFIELDVALUE=5..DOTNETCMD_LOADMODULE=6..DOTNETCMD_GETMETHODPARAMETERS=7..DOTNETCMD_WRAPOBJECT=8..DOTNETCMD_UNWRAPOBJECT=9..DOTNETCMD_INVOKEMETHOD=10....DOTNETCMD_FIND_MODULEID_WITH_CLASSLIST=11......DOTNETCMD_EXIT=255......dotnetmodulelist={}....function dotnet_findDotNetMethodAddress(namespace, classname, methodname, modulename).. --print(string.format("dotnet_findDotNetMethodAddress('%s','%s','%s','%s')",namespace,classname, methodname, modulenam
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2018
                                                                                                                                                                                                                                                                        Entropy (8bit):4.845505891620365
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:local pm=AddressList.PopupMenu..local pmAddToNewGroup=createMenuItem(pm)..pmAddToNewGroup.Caption=translate('Add to new group')..pmAddToNewGroup.ImageIndex=MainForm.CreateGroup.ImageIndex..pm.Items.insert(MainForm.CreateGroup.MenuIndex, pmAddToNewGroup)....local oldOnPopup=AddressList.PopupMenu.OnPopup..AddressList.PopupMenu.OnPopup=function(s).. if oldOnPopup then.. oldOnPopup(s).. end.. pmAddToNewGroup.Visible=AddressList.SelCount>=1..end....pmAddToNewGroup.OnClick=function(s).. local i.. local count=0.. local selcount=0.. local withAddress=false.. local hasAddressSupport=false.... if AddressList.SelCount==0 then.. messageDialog('Please select at least one entry first', mtError, mbOK).. return.. end.... hasAddressSupport=AddressList[0].IsAddressGroupHeader~=nil.... for i=0,AddressList.Count-1 do.. if AddressList[i].IsGroupHeader then.. count=count+1.. end.. end...... local groupname=translate(string.format('Group %d',count+1)).. if (isKeyPressed(VK_
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):7632
                                                                                                                                                                                                                                                                        Entropy (8bit):4.883983761190223
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--Copyright Cheat Engine......local function getOriginalCodeAndFiller(address).. local original,filler.... if type(address)~='number' then.. address=getAddressSafe(address).. end.... if address==nil then.. return nil, 'invalid address'.. end.... local sl=createStringList().. local d=createDisassembler().. local size=0.. while size<5 do.. d.disassemble(address).. local ldd=d.LastDisassembleData.. local inst=ldd.opcode..' '..ldd.parameters.. sl.add(inst).. size=size+#ldd.bytes.. address=address+#ldd.bytes.. end.... original=sl.Text.. if size-5>0 then.. filler=string.format("nop %x", size-5).. else.. filler=''.. end.... sl.destroy().. d.destroy().. return original,filler..end......local function hookSpeedFunctions().. if speedhack and speedhack.processid==getOpenedProcessID() then .. return true.. end.... local result, data=autoAssemble([[.. alloc(speedhack_wantedspeed,4).. registersymbol(speedhack_wantedspeed).. speedhack_w
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9243
                                                                                                                                                                                                                                                                        Entropy (8bit):4.766574177681985
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'autosave.po')..end....require("lfs")....autosave={} --todo make local....local AutoSaveSettings=getSettings('Auto Save')..local AutoSaveVersion=1....autosave.getPath=function().. local path=AutoSaveSettings['SavePath'].. if (path==nil) or (path=='') then.. .. path=os.getenv("LOCALAPPDATA").. if (path==nil) or (path=='') then.. path=getCheatEngineDir() --last attempt .. end.. end.. .. if string.sub(path,#path)~='\\' then.. path=path..'\\'.. end.. .. return path..end....function autosave.saveState().... .. local pid=AutoSaveSettings['ProcessID'].. if pid and pid~='' then.. pid=tonumber(pid).. if pid~=getCheatEngineProcessID() then.. --another CE has done an autosave.. if getProcessList()[pid]==nil then.. --it doesn't exist anymore... messageDialog(translate('Another instance of Cheat Engine has crashed and it created an autosave. Autosave disabled until y
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):7917
                                                                                                                                                                                                                                                                        Entropy (8bit):5.014591940837417
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:local scripts={}....local function registerBigEndianInt16()..scripts['2 Byte Big Endian'].type=registerCustomTypeAutoAssembler([[..alloc(TypeName,256)..alloc(ByteSize,4)..alloc(ConvertRoutine,1024)..alloc(ConvertBackRoutine,1024)....TypeName:..db '2 Byte Big Endian',0....ByteSize:..dd 2....//The convert routine should hold a routine that converts the data to an integer (in eax)..//function declared as: stdcall int ConvertRoutine(unsigned char *input);..//Note: Keep in mind that this routine can be called by multiple threads at the same time...ConvertRoutine:..//jmp dllname.functionname..[64-bit]..//or manual:..//parameters: (64-bit)..//rcx=address of input..xor eax,eax..mov ax,[rcx] //eax now contains the bytes 'input' pointed to..xchg ah,al //convert to big endian....ret..[/64-bit]....[32-bit]..//jmp dllname.functionname..//or manual:..//parameters: (32-bit)..push ebp..mov ebp,esp..//[ebp+8]=input..//example:..mov eax,[ebp+8] //place the address that contains the bytes into eax..mov a
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):14247
                                                                                                                                                                                                                                                                        Entropy (8bit):4.757455540825877
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'CeShare.po')..end....ceshare={}....function ceshare.getInternet().. if ceshare.internet==nil then.. ceshare.internet=getInternet('ceshare').. end.. return ceshare.internet..end....local pathsep..if getOperatingSystem()==0 then.. pathsep=[[\]]..else.. pathsep=[[/]]..end....ceshare.version=-1..ceshare.path=getAutoRunPath()..'ceshare'..pathsep..ceshare.formpath=ceshare.path..pathsep..'forms'..pathsep..ceshare.imagepath=ceshare.path..pathsep..'images'..pathsep....if package.loaded.xmlSimple==nil then.. package.path=package.path..';'..getAutoRunPath()..'xml'..pathsep..'?.lua'..else.. package.loaded.xmlSimple=nil..end..ceshare.xmlParser = require("xmlSimple").newParser()......package.path=package.path..';'..ceshare.path..[[?.lua]]....function loadCEShare().. ceshare.settings=getSettings('ceshare').. ceshare.secondaryIdentifierCode=getSettings('ceshare\\secondaryIdentifierCode').... require("ceshare_account
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):6583
                                                                                                                                                                                                                                                                        Entropy (8bit):4.856845566130843
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:..function ceshare.login(username,password).. local i=ceshare.getInternet().. local parameters='';.. if username then.. parameters=parameters..'username='..ceshare.url_encode(username).. end .. .. if password then.. parameters=parameters..'&password='..ceshare.url_encode(password).. end.. .. local r=i.postURL(ceshare.base..'login.php',parameters).. if r then.. if (r:sub(1,2)=='<?') then.. local s=ceshare.xmlParser:ParseXmlText(r).. if s then.. if s.Valid then.. ceshare.LoggedIn=true.. return true .. else.. if s.error then.. ceshare.showError(s.error:value()).. end.. end.. else.. ceshare.showError(r).. end.. else.. ceshare.showError(r);.. end.. else.. ceshare.showError('Login system failure').. end..end....function ceshare.logout().. local i=ceshare.getInternet().. local parameters='';.. i.postURL(ceshare.base..'logout.php',parameters).. ceshare.Lo
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4018
                                                                                                                                                                                                                                                                        Entropy (8bit):4.735117902416751
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:function ceshare.QueryTableComments(entry, startindex).. local result=nil.. local parameters='id='..entry.ID.. if startindex then.. parameters=parameters..'startindex='..startindex.. end.. local s=ceshare.QueryXURL('QueryTableComments.php', parameters).. if s then.. if s.Comments then.. result={}.. .. for i=1, s.Comments:numChildren() do.. local comment=s.Comments:children()[i].. local entry={}.. entry.ID=tonumber(comment["@ID"]).. entry.Username=comment["@username"].. entry.Message=comment["@message"].. entry.Time=comment["@time"].. table.insert(result, entry).. end .. end.. end .. return result..end......function ceshare.createCommentPanel(comment).. local panel=createPanel(ceshare.CommentsFrm.MessageBox).. panel.Align='alTop' .. panel.Tag=comment.ID .. .. local pnlMessage=createPanel(panel).. pnlMessage.align='alClient'.. .. local lblUsername=createLabel(pnlMessage).. lblUsername.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12865
                                                                                                                                                                                                                                                                        Entropy (8bit):4.882563186282491
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:08NVYz/SCrsKrYrygrL5UHsCYBv2S5OVhxPSidLhHYWZHHYzHuxN5FoXQuHNVcbU:Xod1grbuz9hHYWJaQCHqC
                                                                                                                                                                                                                                                                        MD5:665BB2E55E2A13157D1DBFEF05D1B905
                                                                                                                                                                                                                                                                        SHA1:408FEA33F574BD0FA9E4CB71958363398E0699BC
                                                                                                                                                                                                                                                                        SHA-256:DA6ECCE3DB7D305813FFE80CA994663D43F1068F0FB67399A4C66D1F28684BFA
                                                                                                                                                                                                                                                                        SHA-512:8FE95E22680E1E802D0CEEECBBD6B098526468B8CF4D838301D2833247D94E4F3B3A4B76A68F9FAAA2177B42FF2FFEA2DF46EF56A4A0CE501D126135CE8EE985
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:local DPIMultiplier=(getScreenDPI()/96)..local ThumbnailWidth=240*DPIMultiplier..local ThumbnailHeight=80*DPIMultiplier....local DummyBitmap=createBitmap()..DummyBitmap.Canvas.Font.Size=12....local getListItemData,getThumbnail,generateListItemBitmap,getListItemBitmap..local cleanPage, setPage,getFullProcessList,filterList....--[[..ceshare.FullProcessList is the downloaded list which contains all entries..ceshare.FullProcessListView is the searchresult....--]]....local backgroundcolor....local darkMode=1..local windowColor,listColor,searchFieldColor,fontColor, fontSize, linkColor, highlightColor..if darkMode==1 then.. listColor=clBlack.. searchFieldColor=clBlack.. fontColor=clWhite.. windowColor=clBlack.. linkColor=0x0000ff.. highlightColor=0x00ff00..else .. listColor=clDefault.. searchFieldColor=clDefault.. fontColor=clDefault.. windowColor=clDefault.. linkColor=0xff0000.. highlightColor=clDefault..end....fontSize=12........function getListItemData(index).. local width..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3720
                                                                                                                                                                                                                                                                        Entropy (8bit):4.600809001198686
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:5JPi+sMwj8PiwwVtZw/FHesmsd6e2g8Qp18RHB0vjjmmNDARNbMymMNPuZdMUX28:5J6+sd4aw2ze/bPWh0RNaoy5uUY2hrEF
                                                                                                                                                                                                                                                                        MD5:65C8D4EDDFE05267A72EAE3DDB2CF02A
                                                                                                                                                                                                                                                                        SHA1:EEF2928D355C8B669F8854DA37162BA1FE32740A
                                                                                                                                                                                                                                                                        SHA-256:15B0C7682E5E8D2E2C2B8CB00C0C03B7DFA9439AC80C37F8E96A4F86652246F9
                                                                                                                                                                                                                                                                        SHA-512:1C151D5A44482362430FBC6ED4550671AD96E768942E4EC2A4C487182BED9D0326A0D40A1AC43F2C8A3DE1E18E33B055CE7126D80FEE9B5B7091ED83A22A41AD
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--Responsible for editing permissions on tables and changing the owner....function ceshare.ManageAccessList(entry).. if entry then.. .. if ceshare.Permissions==nil then.. local f=createFormFromFile(ceshare.formpath..'Permissions.FRM') .. ceshare.PermissionsFrm=f.. .. f.OnDestroy=function(s).. ceshare.settings.Value['PermissionsFrm.x']=s.left.. ceshare.settings.Value['PermissionsFrm.y']=s.top.. end.. .. f.lbUserNames.Width=f.canvas.getTextWidth('this is a very long username wtf').. f.lbUserNames.Height=f.canvas.getTextHeight('QWERTYjkl')*10.. .. f.lbUsernames.OnDblClick=function(s).. if s.ItemIndex~=-1 then.. s.Items.delete(s.ItemIndex).. end .. end.. .. f.btnAddUSer.OnClick=function(s).. local name=f.EdtUsername.Text.. if name~='' then.. f.lbUserNames.Items.add(name) .. end.. end.. .... local newx=ceshare.settings.Valu
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):10057
                                                                                                                                                                                                                                                                        Entropy (8bit):4.490014854752693
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:ejQ2511mA/SZ1aHe768NxSnLuYd42QRDwdmxst8mHWVZyjqb/9rPj4Y8JYs5Rjkc:eH7eeeBJZhbN0X1R
                                                                                                                                                                                                                                                                        MD5:607A7C1AB93026D94916F21779D0D645
                                                                                                                                                                                                                                                                        SHA1:3D5A64B256FC44086E6E190EA0BC45B5999E1979
                                                                                                                                                                                                                                                                        SHA-256:EA61EEA6289C2FEBA7B7D0CC24DB5277E383102F24784E6BF7254AF41829599C
                                                                                                                                                                                                                                                                        SHA-512:D6749E2DBE46466A1CB1C464CE3F237836EF6B572EF897C7F5C9D12F80A6C0C7A5DFEA54C3499A91E14B29C8BBF0809CCE433C379F9E5DC0072E436F641C59AD
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:..function ceshare.GetCurrentProcessList().. ceshare.currentprocesslist={}.. .. for pid,name in pairs(getProcessList()) do.. local md5name=stringToMD5String(string.lower(name)).. --search processlist for this.. if ceshare.processlist and ceshare.processlist[md5name] then.. local e={}.. e.pid=pid.. e.name=name.. e.md5=md5name.. table.insert(ceshare.currentprocesslist,e).. end.. end.. .. return ceshare.currentprocesslist..end....function ceshare.DownloadProcessList().. --Downloads the processlist .. local i=ceshare.getInternet().. local processlist=i.getURL(ceshare.base..'processlist.txt').. .. if processlist==nil then.. return.. end.. .. if processlist:sub(1,1)=='<' then.. return --it returned html code instead of a md5 list.. end.. .. local f=io.open(ceshare.path..[[processlist.txt]],'wb').. if f then.. f:write(processlist).. f:close().... synchronize(function() ceshare.settings.Value.LastProcessListDownload=os.time(
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):21455
                                                                                                                                                                                                                                                                        Entropy (8bit):4.719034004905997
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:K3KK7BDUUhaWlvyDep8IcDsfUPrBUpJRg:K3hDUUh3Kqp8X9UpPg
                                                                                                                                                                                                                                                                        MD5:87CD08B16891E0DBE3D47BB71CA91691
                                                                                                                                                                                                                                                                        SHA1:55D98338B4AA0DF3566CD2E721B3D3F86A3836AA
                                                                                                                                                                                                                                                                        SHA-256:6BFD35AA64AB566DDB68D0675AD3B4A093649010A9C30DF3A30A7F9DC2ED7702
                                                                                                                                                                                                                                                                        SHA-512:847BECF1D3066A3E185001035B68496B91876BDEB323734782C41FC9B2BDF665BF33C728CEBBE78E820654D87B1969C09B5D1FAED7498538CB5F761984108614
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:local function isWindowVisible(winhandle).. return executeCodeLocal('IsWindowVisible',winhandle)~=0..end....local function getBaseParentFromWindowHandle(winhandle).. local i=0.. local last=winhandle.... while winhandle and (winhandle~=0) and (i<10000) do.. last=winhandle.. winhandle=getWindow(winhandle, GW_HWNDOWNER).. i=i+1.. end;.... return last..end....function ceshare.getProcessTitle(pid).. local w=getWindow(getForegroundWindow(), GW_HWNDFIRST).... local bases={}.... while w and (w~=0) do.. if getWindowProcessID(w)==pid then.. if isWindowVisible(w) then.. local h=getBaseParentFromWindowHandle(w).. local c=getWindowCaption(h).. if isWindowVisible(h) and (c~='') then.. bases[h]=c.. end.. end.. end.. w=getWindow(w,GW_HWNDNEXT).. end...... for h,n in pairs(bases) do.. return n --just hope for the best..... end..end....function ceshare.getCurrentProcessTitle().. return ceshare.getProcessTitle(getOpenedProce
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):25075
                                                                                                                                                                                                                                                                        Entropy (8bit):4.523124761905836
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:RYDUUhQNWv2rzc3lytSv5ooI0/r5cCAn9zZMf4gybrby15VZ3faxLao0iH+WpeCC:uDUUhQ0OrbBKGYU63
                                                                                                                                                                                                                                                                        MD5:623B89F1E13C54A1F560B254317948B5
                                                                                                                                                                                                                                                                        SHA1:B90E2DE7A5CFF0B14738F2FB4F6A3A4E1EE1A17C
                                                                                                                                                                                                                                                                        SHA-256:0C6E90C2525F1560ACEA3F4BDAE056D11DF1C2F675C2335594DC80BB910A1B17
                                                                                                                                                                                                                                                                        SHA-512:F80CD50F860A5F8D5C6D6AB7BA8691B443DA91573F3F0FC8D5B82B79556C5AC02ACCC610870EA61A886ECB8A4491457965D082F8F41DF781DED1DB84F7157A3F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:function ceshare.enumModules2().. local m=enumModules().. local r={}.. .. for i=1,#m do.. r[m[i].Name:lower()]=m[i].. end.. .. return r..end....function ceshare.QueryProcessCheats(processname, headermd5, updatableOnly).. local modulelist=ceshare.enumModules2().. local result=nil.. local parameters='processname='..ceshare.url_encode(processname).. .. if isKeyPressed(VK_CONTROL)==false then --control lets you get a new script if needed.. local secondaryIdentifierCode=ceshare.secondaryIdentifierCode.Value[processname:lower()].. if secondaryIdentifierCode and secondaryIdentifierCode~='' then.. local value,param=loadstring(secondaryIdentifierCode)().. if value and param then.. parameters=parameters..'&secondaryidentifier='..ceshare.url_encode(param).. end.. end.. end.. .. if updatableOnly then.. parameters=parameters..'&updatableOnly=1';.. end.... .. .. .. --local r=ceshare.getInternet().postURL(url,parameters).. --local s=ceshare
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):5622
                                                                                                                                                                                                                                                                        Entropy (8bit):4.880391114169657
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:5cHxYq8COheJHVFvNmAYVL9rAaDu+WYtUX8T794B:5cLJHVF0AGBli+LtcYSB
                                                                                                                                                                                                                                                                        MD5:6CF99831E2AAAFB97E975EAE06A705FF
                                                                                                                                                                                                                                                                        SHA1:B6E71F7D3C779575598B65A6E4FB341344A3DDD2
                                                                                                                                                                                                                                                                        SHA-256:E9D57ACB17502AC169DEB37F211E472F68CD6E8A69E071D384B989FA45E9FA7F
                                                                                                                                                                                                                                                                        SHA-512:F6467C4C9DCAB563DBB5A337C76616208D1A1058D704B222E616E5A0809A156B1A29198919F4BF0D40C55A6E972439722C02AAC8A156C53572B6D7EF80986405
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:function ceshare.QueryProcessRequests(processname, startindex).. local result=nil.. if processname==nil or processname=='' then return end.. .. local parameters='processname='..ceshare.url_encode(processname).. if startindex then.. parameters=parameters..'startindex='..startindex.. end.. local s=ceshare.QueryXURL('QueryProcessRequests.php', parameters).. if s then.. if s.RequestList then.. result={}.. .. for i=1, s.RequestList:numChildren() do.. local request=s.RequestList:children()[i].. local entry={}.. entry.ID=tonumber(request["@ID"]).. entry.Username=request["@username"].. entry.Message=request["@message"].. entry.Score=tonumber(request["@score"]).. entry.Time=request["@time"].. .. table.insert(result, entry).. end .. end.. end.. .. return result..end....function ceshare.createRequestPanel(request).. local panel=createPanel(ceshare.RequestsFrm.MessageBox).. panel.Align='al
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (8956), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9023
                                                                                                                                                                                                                                                                        Entropy (8bit):6.421978633663277
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:bmmNyxgIf4EwW+rLEUeD0qdYKjj4vxs78t+ojoFv3VU:bmniIf4ERWrPM+O8zjoFv3VU
                                                                                                                                                                                                                                                                        MD5:D4F5FE5A2F5FEEB3D97B2FDF4AE7E6BC
                                                                                                                                                                                                                                                                        SHA1:EEF59C5A8AACD86F993E2BB3F8E5892817A9F7EB
                                                                                                                                                                                                                                                                        SHA-256:9CB25C63AB41BE2BA3984DF20686DD27BF937E029EBFAA56EBE88BAC6DFC53B6
                                                                                                                                                                                                                                                                        SHA-512:B00E9467A5203B04A958A69B20152AD5907E5337A43E3FF8F9209A01D7874DD477BB8596E93B3ACAF7354EE7CE76E742F4A72F598473A9C8CC36BBDBB240BB43
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <frmCEShareCheatBrowser Class="TCEForm" Encoding="Ascii85">
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (1145), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1212
                                                                                                                                                                                                                                                                        Entropy (8bit):6.394471687276162
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:2dqQ7rMmbWa4nYCr0eZK8kNIkhXKLBq0IykSiHqVMywpvh:cqQ8ha4v0eZ9kexM+kP6Svh
                                                                                                                                                                                                                                                                        MD5:CD4D7AEE15163AB407B4F18D8F93DCC3
                                                                                                                                                                                                                                                                        SHA1:676E3EEA53646F221DCB4C9B7DCC2CB5315F36BC
                                                                                                                                                                                                                                                                        SHA-256:D8DE8120C14DA094FEDDB24C46C3E729D99696CCCE9C2D479797FFBBF34BD20B
                                                                                                                                                                                                                                                                        SHA-512:17EDE3DB62A9D2ABFB8D2715E5ED816A7BADF1EB7EAD79E5B48AB6DB7DCD8215B40CDD03D4A3CFD5EDE4567FA5092D9F7406FB25BC82DCAA26CBEA57C2207F69
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <ceshare_frmComments Class="TCEForm" Encoding="Ascii85">
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (1222), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1289
                                                                                                                                                                                                                                                                        Entropy (8bit):6.4066800193563065
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:2dIQ7TXr3F7R/8TDt3E/IlGZ264FeZqE1OieF5MiVM6wJAHWMzX4i0pdp:cIQHr35MMIlGZ264FzIjQ5jS2TSpdp
                                                                                                                                                                                                                                                                        MD5:23CC858DA49A7BDA9E9FE3ABF8D86D1D
                                                                                                                                                                                                                                                                        SHA1:9D869496104ACFFF0C5CB572628085666DC53486
                                                                                                                                                                                                                                                                        SHA-256:D5786540891C411BC34A5505A6CEE0E747DF2E5CD410ABFEB94E6D4169C85069
                                                                                                                                                                                                                                                                        SHA-512:B5650AB1AE463F97F5681DD3FDFF7015C963703A7437AC5F71A158F3E0BDC045E69151897D0EC75AA9DD4CCAC5475E6E492CE46A296BCAB8C4C329720E3C002A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <ceshare_InitialSetup Class="TCEForm" Encoding="Ascii85">
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (1189), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1256
                                                                                                                                                                                                                                                                        Entropy (8bit):6.4186272262096935
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:2ddlQ7Be7XyJpQUDdX+ZdEjY6JFxhiVFtGgtkyO3FwBod6cGcNNnpvrAJX:c3QMOJpQUd+Zq1FnsPtKW2RNNnpMh
                                                                                                                                                                                                                                                                        MD5:7FFD1E1B425636CFA08CDA89429C69A6
                                                                                                                                                                                                                                                                        SHA1:EC6A75FCA2BC4F2E8CB7AB9644D1BEDB1D686221
                                                                                                                                                                                                                                                                        SHA-256:44E9BC08A3F919DA8689C4703E77324568F3902E95F8F3F92CCF234BCF7BF649
                                                                                                                                                                                                                                                                        SHA-512:DBA72B7A8F1A3D72101E4F735E0CEA1BE8E72236A81E6FC2CE18E7F93715B5C1F21AA384790C7E0097A23AEB6D52E954CE7C7ADF7C6189A855DCD6FADADE7C9B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <ceshare_permissions Class="TCEForm" Encoding="Ascii85">
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (2354), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2421
                                                                                                                                                                                                                                                                        Entropy (8bit):6.429603749104613
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:cFQ46+MhmKUEJ4Luu8nEq61PwmKekYxRfEQWtJSmhfQl:M0hm9o41bpPRkoEfScIl
                                                                                                                                                                                                                                                                        MD5:D6FCB383A27920083054DD42003BEC4D
                                                                                                                                                                                                                                                                        SHA1:3941A986929680D50B8B74E61323D1D6C20AEC27
                                                                                                                                                                                                                                                                        SHA-256:A8611471651393E17090167C5B6CADE46EAE9FEE8841DB0816BF36A4F43FBE16
                                                                                                                                                                                                                                                                        SHA-512:405CBB3823344BC321E135C8084710352506A342FF22A2C356B0629EB6E929AC44C0098BD6E90256BC0814A7693D367E6E4AEA8BF277B122654E19A185D52938
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <frmCESharePublishCheat Class="TCEForm" Encoding="Ascii85">
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (869), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):936
                                                                                                                                                                                                                                                                        Entropy (8bit):6.410328130247008
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:2d3Q7M2RqjiEC8Fpohhnh13sAy/jtaos59:c3QAkqeP0poh1b3Ivs
                                                                                                                                                                                                                                                                        MD5:5AD30685C039C115C346D24223C3EAE4
                                                                                                                                                                                                                                                                        SHA1:814C5B02040E87906E7A64F4355B8A35101BDACF
                                                                                                                                                                                                                                                                        SHA-256:BD3E07DECC17007796403191246AB0F3585F51532FBF16D496E541C3107D7E0E
                                                                                                                                                                                                                                                                        SHA-512:DE29C279573C7CC542E8A9AC427594E067D47DE390A7D41AC2E7CCDDD646550B5ED6D2ECAE39B2C7B798649B6D61BA5BD259FD0A8814D35B508D3AE96DD19BC1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <frmCEShareUpdateOrNew Class="TCEForm" Encoding="Ascii85"></frmCEShareUpdateOrNew>..</FormData>..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (869), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):936
                                                                                                                                                                                                                                                                        Entropy (8bit):6.410328130247008
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:2d3Q7M2RqjiEC8Fpohhnh13sAy/jtaos59:c3QAkqeP0poh1b3Ivs
                                                                                                                                                                                                                                                                        MD5:5AD30685C039C115C346D24223C3EAE4
                                                                                                                                                                                                                                                                        SHA1:814C5B02040E87906E7A64F4355B8A35101BDACF
                                                                                                                                                                                                                                                                        SHA-256:BD3E07DECC17007796403191246AB0F3585F51532FBF16D496E541C3107D7E0E
                                                                                                                                                                                                                                                                        SHA-512:DE29C279573C7CC542E8A9AC427594E067D47DE390A7D41AC2E7CCDDD646550B5ED6D2ECAE39B2C7B798649B6D61BA5BD259FD0A8814D35B508D3AE96DD19BC1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <frmCEShareUpdateOrNew Class="TCEForm" Encoding="Ascii85">os;.-):Zgr6,4OTNt(59EwId?!-7TO0xTN0rObpT#G!1F=Uz]?kvx+pOgRb+ZopkQ0?q-NY(l9{LORopKlDEI-tYaTk4:OoqpLU0#J^^@d}q]63.!{mFo#cBj3o@D4Xo,_m]eM:Ze9bKCDQ(=vnMRGzt/X^Nh{ll)r*z]kAc6B7!_E^NP;GIVetXz5..E3Bw?7K)HUQ7%P:J)Y5OSwDox6k^$FQwM?+1B(go//h(TZCl@Hl^sagj[$Xfy^H?**^z+0Orr%{RqKw]+=J?XlroTW{/xT3(MHda-+F{gg_H63l,@S9$,!TU?}ws@j:j]LzG$(ah%O8AS7T]!n.kB1]-qabY6+MM(dz{9KW[pR.d9HQ00b7g7bc@:@4d9kC5:Q:Yw)sKwh91%J?)@/RQi$#c4cYKyE7gTg:=*g%)fP4eb%(IXVG6lW8b%S:fG{V$Ssq]VceTw#=)(x*gpYAPip,0)q#+l${P,9hkYP,*rWJVz[vwlU$d(fyUAQXgmaIG+0kV2HZy6zZoJf!Kp:Z*D*uY2wUhr@tRRr7KY1?b-x$GsC^$QYLhwI@d76V[iUrqqb!NfOh;=eSWt#dJ}G//H$yGwrtZ[C1M1Ri:]AG;7.;6Ub4Yfn:FiseB]@CzbAnlKKf[.+sOAN8cvHE(w*P-ygq])RZorM-+,=9F]6CD6BM}4HruZLtPam3scH_7Tt:}@r_nP_DiIZpNi[ANtE[V0){#_tgS*5DnR}NgZ#4x/mMn9ZX=aL:pJvc:?]p3ppVPTd)B(m?dBoJnLa#GHbUqx</frmCEShareUpdateOrNew>..</FormData>..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (1145), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1212
                                                                                                                                                                                                                                                                        Entropy (8bit):6.394471687276162
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:2dqQ7rMmbWa4nYCr0eZK8kNIkhXKLBq0IykSiHqVMywpvh:cqQ8ha4v0eZ9kexM+kP6Svh
                                                                                                                                                                                                                                                                        MD5:CD4D7AEE15163AB407B4F18D8F93DCC3
                                                                                                                                                                                                                                                                        SHA1:676E3EEA53646F221DCB4C9B7DCC2CB5315F36BC
                                                                                                                                                                                                                                                                        SHA-256:D8DE8120C14DA094FEDDB24C46C3E729D99696CCCE9C2D479797FFBBF34BD20B
                                                                                                                                                                                                                                                                        SHA-512:17EDE3DB62A9D2ABFB8D2715E5ED816A7BADF1EB7EAD79E5B48AB6DB7DCD8215B40CDD03D4A3CFD5EDE4567FA5092D9F7406FB25BC82DCAA26CBEA57C2207F69
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <ceshare_frmComments Class="TCEForm" Encoding="Ascii85">t)DDk,cpr#A/7c=p(aVCac_YJC*M=gGd/*Y)eX$#io:=Udus-wRuV:apn#yqb]QPxJ@Bc{[m*dvqKCdmL4qHm#,r26oJcGdi}s)10sLwsGz,fI?XUXGC1m[Of?Do3ykE-L7jX/,B{Y=Os]l9Gj*AV$s^Osyo^4Sy-s:2F7i!(p*p/6I6ukpqa3ux9cKimCgsi_D3Aq3^i3Cr*-kgRHi2@.zQ-po8RaEfqNx4m5$i9RRDI[ZC]HX5=wV]Lm*qa/d(:sH27:mEZ^sXyFe_ift$pYf?!P)(D.0)F5Fw%0@NZh-HApM)XW1%vckF6^j3st$Cj*i/I77^s[?JK=Y(uSevX96A1YMnHVVJw7NJ1=5nnIzGM?_AO^MXINRH*o3AO:A)fGh^k;Y!havbbP@t#7?L6VM$V@yg+lwtK4kcGctdhRl!0C+{BXD.lO%Dt?1$:iN+5r^?JRK*Ekb3QX,Ooa0l#dszBoI^O)$CXcWw1d-bX^v^2S+Zy++]le]%6Xf0$(7m):}lwH*2[,^.,#Z@8Io3m?USLYYUO@57?9g._,[[UtA$rM%r?Lcf[[}NVD!L0bCjKXbiBZJZ_QNGHX;zjh*Z%5dyPrMG/:$S6rWd4_Ja#c3jm=-Gj9Gq{VBHcCv6ZDIwF@g/JZ]$%OmVMH,nxNKhE7(2hP!Xxi=(#ks?ReGZ9Wo[zV9zw#K+AjrX;xvXfPVwdLCAHLx[(AX-K$/C$Am8eLAf(5%TGrov.OXZw0[:0R/c4+XI?/@Ua7r+e(JqeAp;)t,:z^Znr7a^9I6Kfp0]ZiaUG6P4ybW^Tr/dg=HxRIPX7x^!_P//Yp:Nu*BEcHz3?NM!(z#dmz/-=jZ(QkFVEb,0e9$F]#Lbl(x6$/^Jlc;ZI1Bk0@u*+5Zc33
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (8956), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9023
                                                                                                                                                                                                                                                                        Entropy (8bit):6.421978633663277
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:bmmNyxgIf4EwW+rLEUeD0qdYKjj4vxs78t+ojoFv3VU:bmniIf4ERWrPM+O8zjoFv3VU
                                                                                                                                                                                                                                                                        MD5:D4F5FE5A2F5FEEB3D97B2FDF4AE7E6BC
                                                                                                                                                                                                                                                                        SHA1:EEF59C5A8AACD86F993E2BB3F8E5892817A9F7EB
                                                                                                                                                                                                                                                                        SHA-256:9CB25C63AB41BE2BA3984DF20686DD27BF937E029EBFAA56EBE88BAC6DFC53B6
                                                                                                                                                                                                                                                                        SHA-512:B00E9467A5203B04A958A69B20152AD5907E5337A43E3FF8F9209A01D7874DD477BB8596E93B3ACAF7354EE7CE76E742F4A72F598473A9C8CC36BBDBB240BB43
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <frmCEShareCheatBrowser Class="TCEForm" Encoding="Ascii85">wR#CWlw0]!JBwM2C0mxHv1BJor9!e#+^)IR4PFdmhMBQtR{#urq9RgV#kEvaQcTH}rPWf1D1?=9ma[cDQq/,%]{:,V_93t!=;px[:Q,;vJ/mDkeU6R/0GJu.C=L%:wROl8(-E?8Pfcx8H#]N?bOZ4.4GP)h3R2,upbHJ:14Zb81Xnj23:4(sk-cDF047U/GtCXA4##MaDb64T:R[t@F*WS+)+P/B@fUlTJ@*e@==oe!NeI;jme=hpESf_DNTU7Zh+_vqgCT%oh-8c;fkf2OU2#DQDDXpwtH8Vv({A8z[7MrLBqS4[$S7yl0DVECkq-?_AQ6tfhGY];YmZlf-,Dxu.T=[Um4E@Zo$KQr7dl[KE3V(1a(jY6ObO25ycqJDWD/:,CL)]I$Foep:;G5Zi[+iEq:#aE5k3LnTr^Am7v70La,O}s^%JZEV,z;]q+6)EPjENJnBg80O[NL^Q(1}pWg_Kgm+?-]bpIgnqDox95zIdz)ReCFgG^55J:a!fvH2n;(H$?w1SS5nLd@aPmpteX^-zFQUL69JW/db]P)/Ga%uxSTmwywM@Vj.^ROMZ,HJR7t?80A7o#HnRe9QHV1@*/.C6eEG^E86R?kM-Nmms1FM:mm.VwmtAj2Z.qW4-_r?39}e3h%MVhB4sCL=2HQl=^U0:R,f#5*OmtpN3}LBhZN8l9LR9*kqMGB1S).G:$Y?jC}x51g9k$hgE5qOr6M-A6+=/m4wRzq*-[TSOUoz@a2=[B-*a]0A%%!O(MbxbY9{;zA6oJGu8l4b8:fE3R#s1u1[F(EKwW*0JJWJ.LIojsc2R]hF=rUBIq/vh)a5ay=ngpLm3j]/v9.clnID.HX.!N({b8}-y$V=MfgC@W7m]xKm=H{U#bb^MW*aIU@
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (1189), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1256
                                                                                                                                                                                                                                                                        Entropy (8bit):6.4186272262096935
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:2ddlQ7Be7XyJpQUDdX+ZdEjY6JFxhiVFtGgtkyO3FwBod6cGcNNnpvrAJX:c3QMOJpQUd+Zq1FnsPtKW2RNNnpMh
                                                                                                                                                                                                                                                                        MD5:7FFD1E1B425636CFA08CDA89429C69A6
                                                                                                                                                                                                                                                                        SHA1:EC6A75FCA2BC4F2E8CB7AB9644D1BEDB1D686221
                                                                                                                                                                                                                                                                        SHA-256:44E9BC08A3F919DA8689C4703E77324568F3902E95F8F3F92CCF234BCF7BF649
                                                                                                                                                                                                                                                                        SHA-512:DBA72B7A8F1A3D72101E4F735E0CEA1BE8E72236A81E6FC2CE18E7F93715B5C1F21AA384790C7E0097A23AEB6D52E954CE7C7ADF7C6189A855DCD6FADADE7C9B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <ceshare_permissions Class="TCEForm" Encoding="Ascii85">y[U.z):Zf/9oey,ro#-q)5,Vt!!R9S$+xJ8X]!W:I*x=3[Gx3HNEut^g*J_?8=a(32Vu,0?Bqk]uNgV+l+:lPk0t(8cXV]gv#M#M.o!M7;hBF$G,p.09@)i.%pjVEaU3!l8.5Yl@]E-A58=Tk;z_N5Vl){FtNlI/[+gfPy**.]4L=Jt,hb7x)Sa_/byvO6y@c9dkATj#EadWQ0,#K=Zb.9=Qy/T]SjAjBoduYKGb_Tg=UN8FFP81f_HZ097Kh1L;%ok/egr]KA]FqXBHSE=G4HXfF7Zxdh$x.y^Ah;zV-}q#0EwmTKBGKh#A,X3QiwLosIXTAS3FL4f+[e;t@P(wYjtoO@%(:DnqoqBPU(mQ+bgZ.H,R_GBjA)JpE#U35lq/yNP:2M?K/XsgEPavz[Kl.dRTuch9G0T^[Z4M3*w3Ng0fr}X%B]Xft0(rc9_%!=fj]?kFa-}3]d%#B]MzvLf)ad:ZKmJRVg-bvc*th$K^l@%4n*x#ko!rJxO4pi.UG{%aT+X-8P/xh;0i3[ZFU^6KV:-wvw7r.%M0{5SQaf.OmITL!jq.jI?U%xZ)-Afl%3JghiI,lODnTq!yB!,B{PUj0Bq25omjJVV721^UdJG*NCw%q{rnTmsU;pX[YLxUI1GVEz4WQwy0oR7/J{COUYI2Gdrn8;.bWfM-FyJSNvXOD1(lm7]c8Y*o+0[w@T*BsEVkNj1G3YvRcyQ,7-F(RPK[3AgLnZXMN$D1=WwA(v8gkCu(bGlm_nhUy5w9kcb=GoWK)3g@b%_-sSLHNX,BR#I[.[sPvFZZ1P}_9^yb;s,g3=$bIZDPevhiSw3;9[s,+^$AxTx%6z:ed/;T7Bb_Q1L+6Wk/@NAQ^:Apm:{0USE[:-(;oqsG@%}]dD33q:
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (1222), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1289
                                                                                                                                                                                                                                                                        Entropy (8bit):6.4066800193563065
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:2dIQ7TXr3F7R/8TDt3E/IlGZ264FeZqE1OieF5MiVM6wJAHWMzX4i0pdp:cIQHr35MMIlGZ264FzIjQ5jS2TSpdp
                                                                                                                                                                                                                                                                        MD5:23CC858DA49A7BDA9E9FE3ABF8D86D1D
                                                                                                                                                                                                                                                                        SHA1:9D869496104ACFFF0C5CB572628085666DC53486
                                                                                                                                                                                                                                                                        SHA-256:D5786540891C411BC34A5505A6CEE0E747DF2E5CD410ABFEB94E6D4169C85069
                                                                                                                                                                                                                                                                        SHA-512:B5650AB1AE463F97F5681DD3FDFF7015C963703A7437AC5F71A158F3E0BDC045E69151897D0EC75AA9DD4CCAC5475E6E492CE46A296BCAB8C4C329720E3C002A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <ceshare_InitialSetup Class="TCEForm" Encoding="Ascii85">wN:e-,eQ$kD9Ms,:TOJVp^GGFDT-EToc7S1YS9iF+scsqg?Im+B^;qeS=.pCOS_er@cngXeS_z#W_tHdx*PcO:s@)oZ_3^H]F8g0FbL,=uf874qw]lv:f=={jA^Jkwd9sFF,+Dxy-Qr!=$6:g56G99=M@z}xhlH-PXCstHtT-YAD*)0(G.WU8bqwHT+/vB)fQ0pf.tlTP:{G:C}Xtypc:2@1Vh4c$zl{4]v1949uDi:A-L2b*R^l,[fG_1%0ZtAnm=K-ouZx/Ea7rFu1,=Ho}^ukD$h$owSu2,E=+v8*10*C5:xUA_3GlE6,!SZ2.@i1lnOPi0fRLjLIEpP!aWxPVgwco1goGdgkmW$nL=]Wr5^8YG7EFJ#lS,VoZ^3q1B3bw@?d*H,3:Q--D+}hws3sW:Ggr!?FcU3AbI#[CkW2CNd*6L;X$Ij(:4oWXEUzTuL]C}]3kEUyXBQ%mC6FK#1xc/oN.OCN27Q{2eBr8E_*Y3g.u^{V!!m-NCo#yYbGfy9o1,GB?K@-tFXo.*2Y+(f@a7e:]SsC1518}atv@G6]exl.2Mxf8A/xssVV*ZOU==*SZK}HeWy8;,+r+lWm5}kp[cwWQ%w}$vLy4RtQiO^-vF2XJ66[G=X+*HoFXm_Rnn8R^uH6qt4I5f[OAspgC03ctUvBJ5]QAF(g[*aupmT;QqvYqnSLv_:4i$^eQ-cNh+Tb^iTeF8iEBTS9UoZ!bMJ:lYd0KyfEymSCvSY1.r=rj]T80S$.4B*DGVw^UNh,);HnWUJ)WqO@o+zILXIP%uay__r.h342dnO5Fk)hW^)e2#EEB?!Y-9JM[Ih*A.;%L=yKmS1E/Ew:=r]1i^th/n=vpl8CsXgZJy+pHd.1f-LoqE0-e51j]%y]3b.Iz
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (2354), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2421
                                                                                                                                                                                                                                                                        Entropy (8bit):6.429603749104613
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:cFQ46+MhmKUEJ4Luu8nEq61PwmKekYxRfEQWtJSmhfQl:M0hm9o41bpPRkoEfScIl
                                                                                                                                                                                                                                                                        MD5:D6FCB383A27920083054DD42003BEC4D
                                                                                                                                                                                                                                                                        SHA1:3941A986929680D50B8B74E61323D1D6C20AEC27
                                                                                                                                                                                                                                                                        SHA-256:A8611471651393E17090167C5B6CADE46EAE9FEE8841DB0816BF36A4F43FBE16
                                                                                                                                                                                                                                                                        SHA-512:405CBB3823344BC321E135C8084710352506A342FF22A2C356B0629EB6E929AC44C0098BD6E90256BC0814A7693D367E6E4AEA8BF277B122654E19A185D52938
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <frmCESharePublishCheat Class="TCEForm" Encoding="Ascii85">y.*6f8${pi=/W3.*1,zArU6k,d!d!ufQl-ls,Y!fNFZO-X-g#{G,vLhtBhx=-Ekaq/H#SVsCq+c68]]WTsU(!!kr5zeg+IBtoO@iYsXEHBFEnOc.Dxp:Xq!Lokuq]=eJjp/I-WRzR8]:wYJl#*f+Oe$U)13ZP%)/1dEv,)iX:3LUD]ON0u/Ex@c,6#@2iP3%eyO.{5/3xF;kS^,3j#8^BCTXWQh:t/E;=#:sS%vrAY^E7fpU+qjxY^K=TC:[Aj:e2v/KiD3S!]aPUpD{#eOxJl;(ZPEjWo5XeZaEDxb%uI[r4ZB68kLxwggu]iRcE8Vvb2V%Qe{l#a)h]w5uEcxE_D[6cof/em91pub/3raMC35_y0/LdgQD[?oY{*K-UG*uc(ihsvSb11IfT%K2/CHsPO[L$tB@@HBc_u(%vAq#laLPXVPcje%=O9khxDdRv8n!-[XcFOCNj4^jUk{@WgJ66SR@^2#op]K[rGiJ3ABHsfT]#E[-0CbohNdDumLp2_+t1v0$7*[{IUZK8RiC+E:3L:mn,bP*+Jl2b,[/!3Gvcl^gae*3Lh+7WqR1i,)dHT@xJfs#/Cco93s$W1A#UzVBS5YOp$(l?p/k*M+B!!,U}M%mWL+(7oCP_-jL-,!3#8if7buNv#]k^w@hW]*su6=/UP,%lQ+(KLH,nEDbMsZQoM:r5APbS%@i+u-Bg+E=h)!JNw2(Crhq+@z@J4OE!ROQ*E#Q;TrjSKpQd*{hNlLi95]U)}:.gT$azf}S50ICN(67RONGv)(Yq8w*Mhl5l(=+po74x}KV1Aa%ihg8*GGZL+p[rk=qM#3n?kNL/ph)HLzLF5la70LdE#h[s,@%6{5{N6C2rQF0DwdOiIv5KoEz8apm7gJE_G],m1w
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 128 x 40, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1101
                                                                                                                                                                                                                                                                        Entropy (8bit):7.686753451899311
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1f3v5+q2UtliFJGJVpHczJCMQFwdDC2oDCtEnPkEJA:Z3/tligVlccMQUDCpGtEnPkE6
                                                                                                                                                                                                                                                                        MD5:0212208FD406500388F08BC4189CC57E
                                                                                                                                                                                                                                                                        SHA1:79A82F1AC86D6C4BE3C3E4B0A790BFD4E2F6B27E
                                                                                                                                                                                                                                                                        SHA-256:A85170D26B9344DCA793C3B2326EC709D2F2D01578E78B855E82B14795B0025C
                                                                                                                                                                                                                                                                        SHA-512:33E7E2AE0B3D36D8E909CFFC993E6B36923E8775E780832F5D689C15D04712EA412B62CC709C53128D9ACAD34F1922CB9FEE90304DA2F879BEBEB4F3A67B9523
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 128 x 40, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1101
                                                                                                                                                                                                                                                                        Entropy (8bit):7.686753451899311
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1f3v5+q2UtliFJGJVpHczJCMQFwdDC2oDCtEnPkEJA:Z3/tligVlccMQUDCpGtEnPkE6
                                                                                                                                                                                                                                                                        MD5:0212208FD406500388F08BC4189CC57E
                                                                                                                                                                                                                                                                        SHA1:79A82F1AC86D6C4BE3C3E4B0A790BFD4E2F6B27E
                                                                                                                                                                                                                                                                        SHA-256:A85170D26B9344DCA793C3B2326EC709D2F2D01578E78B855E82B14795B0025C
                                                                                                                                                                                                                                                                        SHA-512:33E7E2AE0B3D36D8E909CFFC993E6B36923E8775E780832F5D689C15D04712EA412B62CC709C53128D9ACAD34F1922CB9FEE90304DA2F879BEBEB4F3A67B9523
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12865
                                                                                                                                                                                                                                                                        Entropy (8bit):4.882563186282491
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:08NVYz/SCrsKrYrygrL5UHsCYBv2S5OVhxPSidLhHYWZHHYzHuxN5FoXQuHNVcbU:Xod1grbuz9hHYWJaQCHqC
                                                                                                                                                                                                                                                                        MD5:665BB2E55E2A13157D1DBFEF05D1B905
                                                                                                                                                                                                                                                                        SHA1:408FEA33F574BD0FA9E4CB71958363398E0699BC
                                                                                                                                                                                                                                                                        SHA-256:DA6ECCE3DB7D305813FFE80CA994663D43F1068F0FB67399A4C66D1F28684BFA
                                                                                                                                                                                                                                                                        SHA-512:8FE95E22680E1E802D0CEEECBBD6B098526468B8CF4D838301D2833247D94E4F3B3A4B76A68F9FAAA2177B42FF2FFEA2DF46EF56A4A0CE501D126135CE8EE985
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:local DPIMultiplier=(getScreenDPI()/96)..local ThumbnailWidth=240*DPIMultiplier..local ThumbnailHeight=80*DPIMultiplier....local DummyBitmap=createBitmap()..DummyBitmap.Canvas.Font.Size=12....local getListItemData,getThumbnail,generateListItemBitmap,getListItemBitmap..local cleanPage, setPage,getFullProcessList,filterList....--[[..ceshare.FullProcessList is the downloaded list which contains all entries..ceshare.FullProcessListView is the searchresult....--]]....local backgroundcolor....local darkMode=1..local windowColor,listColor,searchFieldColor,fontColor, fontSize, linkColor, highlightColor..if darkMode==1 then.. listColor=clBlack.. searchFieldColor=clBlack.. fontColor=clWhite.. windowColor=clBlack.. linkColor=0x0000ff.. highlightColor=0x00ff00..else .. listColor=clDefault.. searchFieldColor=clDefault.. fontColor=clDefault.. windowColor=clDefault.. linkColor=0xff0000.. highlightColor=clDefault..end....fontSize=12........function getListItemData(index).. local width..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):6583
                                                                                                                                                                                                                                                                        Entropy (8bit):4.856845566130843
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:2m3dOvyXANbHC7jmHmQr2LHymHG21h5rSTW/S4XHhOLOxInDLnrTH2n8ruHqhV4Z:2m3UvyW9mL/N5XYFCoKmo
                                                                                                                                                                                                                                                                        MD5:0B5180BD64689788EBEAA8E705A264AC
                                                                                                                                                                                                                                                                        SHA1:43A5CC401EE6C4FF4A94697112B1BC1D4345FC19
                                                                                                                                                                                                                                                                        SHA-256:8FD38A5E6C0408CA77E0E7A0EE179B4391758EC6DA94EA289E3A2CBC1AB1EC59
                                                                                                                                                                                                                                                                        SHA-512:CC26E2E36B93BF89AA16C744B2DB60D855DE616DB7A67F4FB24135545104459338C3EDEAB42BB316B1ECB0DB9E31970B1415A1BF638EA3E53AE31471330AEADB
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:..function ceshare.login(username,password).. local i=ceshare.getInternet().. local parameters='';.. if username then.. parameters=parameters..'username='..ceshare.url_encode(username).. end .. .. if password then.. parameters=parameters..'&password='..ceshare.url_encode(password).. end.. .. local r=i.postURL(ceshare.base..'login.php',parameters).. if r then.. if (r:sub(1,2)=='<?') then.. local s=ceshare.xmlParser:ParseXmlText(r).. if s then.. if s.Valid then.. ceshare.LoggedIn=true.. return true .. else.. if s.error then.. ceshare.showError(s.error:value()).. end.. end.. else.. ceshare.showError(r).. end.. else.. ceshare.showError(r);.. end.. else.. ceshare.showError('Login system failure').. end..end....function ceshare.logout().. local i=ceshare.getInternet().. local parameters='';.. i.postURL(ceshare.base..'logout.php',parameters).. ceshare.Lo
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):10057
                                                                                                                                                                                                                                                                        Entropy (8bit):4.490014854752693
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:ejQ2511mA/SZ1aHe768NxSnLuYd42QRDwdmxst8mHWVZyjqb/9rPj4Y8JYs5Rjkc:eH7eeeBJZhbN0X1R
                                                                                                                                                                                                                                                                        MD5:607A7C1AB93026D94916F21779D0D645
                                                                                                                                                                                                                                                                        SHA1:3D5A64B256FC44086E6E190EA0BC45B5999E1979
                                                                                                                                                                                                                                                                        SHA-256:EA61EEA6289C2FEBA7B7D0CC24DB5277E383102F24784E6BF7254AF41829599C
                                                                                                                                                                                                                                                                        SHA-512:D6749E2DBE46466A1CB1C464CE3F237836EF6B572EF897C7F5C9D12F80A6C0C7A5DFEA54C3499A91E14B29C8BBF0809CCE433C379F9E5DC0072E436F641C59AD
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:..function ceshare.GetCurrentProcessList().. ceshare.currentprocesslist={}.. .. for pid,name in pairs(getProcessList()) do.. local md5name=stringToMD5String(string.lower(name)).. --search processlist for this.. if ceshare.processlist and ceshare.processlist[md5name] then.. local e={}.. e.pid=pid.. e.name=name.. e.md5=md5name.. table.insert(ceshare.currentprocesslist,e).. end.. end.. .. return ceshare.currentprocesslist..end....function ceshare.DownloadProcessList().. --Downloads the processlist .. local i=ceshare.getInternet().. local processlist=i.getURL(ceshare.base..'processlist.txt').. .. if processlist==nil then.. return.. end.. .. if processlist:sub(1,1)=='<' then.. return --it returned html code instead of a md5 list.. end.. .. local f=io.open(ceshare.path..[[processlist.txt]],'wb').. if f then.. f:write(processlist).. f:close().... synchronize(function() ceshare.settings.Value.LastProcessListDownload=os.time(
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3720
                                                                                                                                                                                                                                                                        Entropy (8bit):4.600809001198686
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:5JPi+sMwj8PiwwVtZw/FHesmsd6e2g8Qp18RHB0vjjmmNDARNbMymMNPuZdMUX28:5J6+sd4aw2ze/bPWh0RNaoy5uUY2hrEF
                                                                                                                                                                                                                                                                        MD5:65C8D4EDDFE05267A72EAE3DDB2CF02A
                                                                                                                                                                                                                                                                        SHA1:EEF2928D355C8B669F8854DA37162BA1FE32740A
                                                                                                                                                                                                                                                                        SHA-256:15B0C7682E5E8D2E2C2B8CB00C0C03B7DFA9439AC80C37F8E96A4F86652246F9
                                                                                                                                                                                                                                                                        SHA-512:1C151D5A44482362430FBC6ED4550671AD96E768942E4EC2A4C487182BED9D0326A0D40A1AC43F2C8A3DE1E18E33B055CE7126D80FEE9B5B7091ED83A22A41AD
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--Responsible for editing permissions on tables and changing the owner....function ceshare.ManageAccessList(entry).. if entry then.. .. if ceshare.Permissions==nil then.. local f=createFormFromFile(ceshare.formpath..'Permissions.FRM') .. ceshare.PermissionsFrm=f.. .. f.OnDestroy=function(s).. ceshare.settings.Value['PermissionsFrm.x']=s.left.. ceshare.settings.Value['PermissionsFrm.y']=s.top.. end.. .. f.lbUserNames.Width=f.canvas.getTextWidth('this is a very long username wtf').. f.lbUserNames.Height=f.canvas.getTextHeight('QWERTYjkl')*10.. .. f.lbUsernames.OnDblClick=function(s).. if s.ItemIndex~=-1 then.. s.Items.delete(s.ItemIndex).. end .. end.. .. f.btnAddUSer.OnClick=function(s).. local name=f.EdtUsername.Text.. if name~='' then.. f.lbUserNames.Items.add(name) .. end.. end.. .... local newx=ceshare.settings.Valu
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):5622
                                                                                                                                                                                                                                                                        Entropy (8bit):4.880391114169657
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:5cHxYq8COheJHVFvNmAYVL9rAaDu+WYtUX8T794B:5cLJHVF0AGBli+LtcYSB
                                                                                                                                                                                                                                                                        MD5:6CF99831E2AAAFB97E975EAE06A705FF
                                                                                                                                                                                                                                                                        SHA1:B6E71F7D3C779575598B65A6E4FB341344A3DDD2
                                                                                                                                                                                                                                                                        SHA-256:E9D57ACB17502AC169DEB37F211E472F68CD6E8A69E071D384B989FA45E9FA7F
                                                                                                                                                                                                                                                                        SHA-512:F6467C4C9DCAB563DBB5A337C76616208D1A1058D704B222E616E5A0809A156B1A29198919F4BF0D40C55A6E972439722C02AAC8A156C53572B6D7EF80986405
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:function ceshare.QueryProcessRequests(processname, startindex).. local result=nil.. if processname==nil or processname=='' then return end.. .. local parameters='processname='..ceshare.url_encode(processname).. if startindex then.. parameters=parameters..'startindex='..startindex.. end.. local s=ceshare.QueryXURL('QueryProcessRequests.php', parameters).. if s then.. if s.RequestList then.. result={}.. .. for i=1, s.RequestList:numChildren() do.. local request=s.RequestList:children()[i].. local entry={}.. entry.ID=tonumber(request["@ID"]).. entry.Username=request["@username"].. entry.Message=request["@message"].. entry.Score=tonumber(request["@score"]).. entry.Time=request["@time"].. .. table.insert(result, entry).. end .. end.. end.. .. return result..end....function ceshare.createRequestPanel(request).. local panel=createPanel(ceshare.RequestsFrm.MessageBox).. panel.Align='al
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):25075
                                                                                                                                                                                                                                                                        Entropy (8bit):4.523124761905836
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:RYDUUhQNWv2rzc3lytSv5ooI0/r5cCAn9zZMf4gybrby15VZ3faxLao0iH+WpeCC:uDUUhQ0OrbBKGYU63
                                                                                                                                                                                                                                                                        MD5:623B89F1E13C54A1F560B254317948B5
                                                                                                                                                                                                                                                                        SHA1:B90E2DE7A5CFF0B14738F2FB4F6A3A4E1EE1A17C
                                                                                                                                                                                                                                                                        SHA-256:0C6E90C2525F1560ACEA3F4BDAE056D11DF1C2F675C2335594DC80BB910A1B17
                                                                                                                                                                                                                                                                        SHA-512:F80CD50F860A5F8D5C6D6AB7BA8691B443DA91573F3F0FC8D5B82B79556C5AC02ACCC610870EA61A886ECB8A4491457965D082F8F41DF781DED1DB84F7157A3F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:function ceshare.enumModules2().. local m=enumModules().. local r={}.. .. for i=1,#m do.. r[m[i].Name:lower()]=m[i].. end.. .. return r..end....function ceshare.QueryProcessCheats(processname, headermd5, updatableOnly).. local modulelist=ceshare.enumModules2().. local result=nil.. local parameters='processname='..ceshare.url_encode(processname).. .. if isKeyPressed(VK_CONTROL)==false then --control lets you get a new script if needed.. local secondaryIdentifierCode=ceshare.secondaryIdentifierCode.Value[processname:lower()].. if secondaryIdentifierCode and secondaryIdentifierCode~='' then.. local value,param=loadstring(secondaryIdentifierCode)().. if value and param then.. parameters=parameters..'&secondaryidentifier='..ceshare.url_encode(param).. end.. end.. end.. .. if updatableOnly then.. parameters=parameters..'&updatableOnly=1';.. end.... .. .. .. --local r=ceshare.getInternet().postURL(url,parameters).. --local s=ceshare
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):21455
                                                                                                                                                                                                                                                                        Entropy (8bit):4.719034004905997
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:K3KK7BDUUhaWlvyDep8IcDsfUPrBUpJRg:K3hDUUh3Kqp8X9UpPg
                                                                                                                                                                                                                                                                        MD5:87CD08B16891E0DBE3D47BB71CA91691
                                                                                                                                                                                                                                                                        SHA1:55D98338B4AA0DF3566CD2E721B3D3F86A3836AA
                                                                                                                                                                                                                                                                        SHA-256:6BFD35AA64AB566DDB68D0675AD3B4A093649010A9C30DF3A30A7F9DC2ED7702
                                                                                                                                                                                                                                                                        SHA-512:847BECF1D3066A3E185001035B68496B91876BDEB323734782C41FC9B2BDF665BF33C728CEBBE78E820654D87B1969C09B5D1FAED7498538CB5F761984108614
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:local function isWindowVisible(winhandle).. return executeCodeLocal('IsWindowVisible',winhandle)~=0..end....local function getBaseParentFromWindowHandle(winhandle).. local i=0.. local last=winhandle.... while winhandle and (winhandle~=0) and (i<10000) do.. last=winhandle.. winhandle=getWindow(winhandle, GW_HWNDOWNER).. i=i+1.. end;.... return last..end....function ceshare.getProcessTitle(pid).. local w=getWindow(getForegroundWindow(), GW_HWNDFIRST).... local bases={}.... while w and (w~=0) do.. if getWindowProcessID(w)==pid then.. if isWindowVisible(w) then.. local h=getBaseParentFromWindowHandle(w).. local c=getWindowCaption(h).. if isWindowVisible(h) and (c~='') then.. bases[h]=c.. end.. end.. end.. w=getWindow(w,GW_HWNDNEXT).. end...... for h,n in pairs(bases) do.. return n --just hope for the best..... end..end....function ceshare.getCurrentProcessTitle().. return ceshare.getProcessTitle(getOpenedProce
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4018
                                                                                                                                                                                                                                                                        Entropy (8bit):4.735117902416751
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:5ASgbBrZUxqShyY92Tm1E+J7YYI0+9+DKeRA453wxQRBhqvr5OOeCYBhSj:5ARB2hhPE+WY9+AzE5XsBhSj
                                                                                                                                                                                                                                                                        MD5:0D4D1B597712015EF1B0EC8ADC26495F
                                                                                                                                                                                                                                                                        SHA1:3584779C06619F545B47A27703AA2F47455D50DE
                                                                                                                                                                                                                                                                        SHA-256:89C8FCCC16D2AA0A3004DC1B477A5C1DCBBA539769B2A4558F7C7D9B9809B133
                                                                                                                                                                                                                                                                        SHA-512:AE26BBB2C3F74C143A01EC3B296A26699C679D51BC68C8C7B8C460616D1A0AA065500EBCA83E972A720BD7A3C5A7B63A673EAECEF1391A2E717208EF8DA0796F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:function ceshare.QueryTableComments(entry, startindex).. local result=nil.. local parameters='id='..entry.ID.. if startindex then.. parameters=parameters..'startindex='..startindex.. end.. local s=ceshare.QueryXURL('QueryTableComments.php', parameters).. if s then.. if s.Comments then.. result={}.. .. for i=1, s.Comments:numChildren() do.. local comment=s.Comments:children()[i].. local entry={}.. entry.ID=tonumber(comment["@ID"]).. entry.Username=comment["@username"].. entry.Message=comment["@message"].. entry.Time=comment["@time"].. table.insert(result, entry).. end .. end.. end .. return result..end......function ceshare.createCommentPanel(comment).. local panel=createPanel(ceshare.CommentsFrm.MessageBox).. panel.Align='alTop' .. panel.Tag=comment.ID .. .. local pnlMessage=createPanel(panel).. pnlMessage.align='alClient'.. .. local lblUsername=createLabel(pnlMessage).. lblUsername.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):50456
                                                                                                                                                                                                                                                                        Entropy (8bit):6.548128089503794
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:+B4cf1fqCWPiiyDf+TTmhX2cnX3/OtC2MD0OK9BRbAlQ4z:El38CfKmhXv/Ott20OKvR
                                                                                                                                                                                                                                                                        MD5:B02FA5C8EEFBCD010AAAC97A94FF62BB
                                                                                                                                                                                                                                                                        SHA1:FD88F2FC529515252CBCAB507F322B080853C38B
                                                                                                                                                                                                                                                                        SHA-256:7BD0D77FD790215BB67337F9F210B05AAAB0193D105B8FF86EC422E9875EB033
                                                                                                                                                                                                                                                                        SHA-512:1D18CB2CFFBF83EF949C2A34FA28C4E011C623C62CE743C7F320DB1ACFBD41BEA2EA6D3F0D93A34874973FC43367D6562C630F8B7912B22BE7CCC61851001A18
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):62232
                                                                                                                                                                                                                                                                        Entropy (8bit):6.014187026705995
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:wm0hfdOrlHVzBkzORZN2UE0TjwNwqGN4cOlA/eQ4z:wNuVBaOohMFOlA/
                                                                                                                                                                                                                                                                        MD5:CEFC5C56720CA850CCB20FAF47733BD2
                                                                                                                                                                                                                                                                        SHA1:55F25CF4A7DE12607B085E8CFDBA0383F0207E9D
                                                                                                                                                                                                                                                                        SHA-256:F107DD69B4115864D289F364FAFC0E045FD3E9FC4BDE5586CE8C1BCF59CC65A7
                                                                                                                                                                                                                                                                        SHA-512:1B6FBA56FEAC4F4345B2F6CED82A3DDDACC3C0CB6F49C1D30105A8156B8DE851E34B9E31478C658C60D907C9F26237D2EFB7C2AB85ADB49905FDCCA6349A4DEE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):62232
                                                                                                                                                                                                                                                                        Entropy (8bit):6.014187026705995
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:wm0hfdOrlHVzBkzORZN2UE0TjwNwqGN4cOlA/eQ4z:wNuVBaOohMFOlA/
                                                                                                                                                                                                                                                                        MD5:CEFC5C56720CA850CCB20FAF47733BD2
                                                                                                                                                                                                                                                                        SHA1:55F25CF4A7DE12607B085E8CFDBA0383F0207E9D
                                                                                                                                                                                                                                                                        SHA-256:F107DD69B4115864D289F364FAFC0E045FD3E9FC4BDE5586CE8C1BCF59CC65A7
                                                                                                                                                                                                                                                                        SHA-512:1B6FBA56FEAC4F4345B2F6CED82A3DDDACC3C0CB6F49C1D30105A8156B8DE851E34B9E31478C658C60D907C9F26237D2EFB7C2AB85ADB49905FDCCA6349A4DEE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):39840
                                                                                                                                                                                                                                                                        Entropy (8bit):7.158632953476479
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:3N8So6jKJjZr25rm7V1VaXLkjYr25rm3V1VaXLkjn:3N8FaeF2m7P012m3P0A
                                                                                                                                                                                                                                                                        MD5:ED7867296697880928F297914D80F211
                                                                                                                                                                                                                                                                        SHA1:1CC9B65D8F94A04EA59B7511DF522FCB68C275E9
                                                                                                                                                                                                                                                                        SHA-256:3DC9EA4350E99E6216DA0840C53ED8CCCA39BA7DF7A4146B47AFFCAB128A4432
                                                                                                                                                                                                                                                                        SHA-512:044FDECCB4A46EDF37BBEF8E6CBB36AC586A2AA505B34F71977A2E404FFF088A60FF8277D0251B23C7F5D090A337B4CB5AF1FEA1A638B408EEC6F334BC416AD8
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):417184
                                                                                                                                                                                                                                                                        Entropy (8bit):6.7644491521368
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:CLM9vziuDEVmqU2Im5/P1OhGKexP+gVuQ:lLiuDEV15/tVP+ouQ
                                                                                                                                                                                                                                                                        MD5:C5B870CE07DA5206D8A81E139920B7DC
                                                                                                                                                                                                                                                                        SHA1:F868450ED5F886F084C00345C75143C65FD9338E
                                                                                                                                                                                                                                                                        SHA-256:EB26B38A604CF98B95A39FD249C0771E351061A9894D22284CDFE984E8FC7A6C
                                                                                                                                                                                                                                                                        SHA-512:7DFB3E9940EC0D14B42C77483F71274701C46483E65EE57A0853A31F688CC5C3D0C0AF2050229BA196D9BEFF9813F259E3F92EEC9D8352CC0E416FEB4EB1A6BE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):548768
                                                                                                                                                                                                                                                                        Entropy (8bit):6.397563059744258
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:7dShHq6xdR8zWUjwmoRb2qORTCKTJ7PYn:Z6xdqzWUjwmr8n
                                                                                                                                                                                                                                                                        MD5:4237719534B21BB179480ED8BB23C0CC
                                                                                                                                                                                                                                                                        SHA1:A1C8DB76137B6131B7B8FE379841CB3DF62F3B7D
                                                                                                                                                                                                                                                                        SHA-256:15EE5851FF1B33E369B43C66D44E3D1452A212C2A37F337B680FE8BD88DF8748
                                                                                                                                                                                                                                                                        SHA-512:4ACE9A2CA9BEAF64A3B097922300E6BF46729375CB4DFA4BC3D81B0420FF28CD45C2CFDB9C05E4885DDD39CB6BF160D932BE4711C219302D684D23AFEADB4F72
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 64 kbps, 44.1 kHz, Stereo
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):54895
                                                                                                                                                                                                                                                                        Entropy (8bit):7.768231173906507
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:TEzw27ZEqFXUUj2CGLHfwa8OMerCYvLKtO0iEaF:TEzw27LFXXqBHfwa8OsZC
                                                                                                                                                                                                                                                                        MD5:C07B2CE2256D4DDE62F92CB684E23C02
                                                                                                                                                                                                                                                                        SHA1:1D1A234A9C1BDE7DC32867BEB8197A4BD8C6802B
                                                                                                                                                                                                                                                                        SHA-256:3F7948BFADE1F6A4F744580FB825330FB85668CD645CD6EE9F5915742584E932
                                                                                                                                                                                                                                                                        SHA-512:E0DEE259BCCF78D8EA64A2C0B7136FE5BC749564E9574DAD496AEEC6BC0DEF460A1CB2D5E63DA7CB62E6A2C31D497A8FF355305C58AA4A4BF9F9EE0C07636273
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):548768
                                                                                                                                                                                                                                                                        Entropy (8bit):6.397563059744258
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:7dShHq6xdR8zWUjwmoRb2qORTCKTJ7PYn:Z6xdqzWUjwmr8n
                                                                                                                                                                                                                                                                        MD5:4237719534B21BB179480ED8BB23C0CC
                                                                                                                                                                                                                                                                        SHA1:A1C8DB76137B6131B7B8FE379841CB3DF62F3B7D
                                                                                                                                                                                                                                                                        SHA-256:15EE5851FF1B33E369B43C66D44E3D1452A212C2A37F337B680FE8BD88DF8748
                                                                                                                                                                                                                                                                        SHA-512:4ACE9A2CA9BEAF64A3B097922300E6BF46729375CB4DFA4BC3D81B0420FF28CD45C2CFDB9C05E4885DDD39CB6BF160D932BE4711C219302D684D23AFEADB4F72
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):39840
                                                                                                                                                                                                                                                                        Entropy (8bit):7.158632953476479
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:3N8So6jKJjZr25rm7V1VaXLkjYr25rm3V1VaXLkjn:3N8FaeF2m7P012m3P0A
                                                                                                                                                                                                                                                                        MD5:ED7867296697880928F297914D80F211
                                                                                                                                                                                                                                                                        SHA1:1CC9B65D8F94A04EA59B7511DF522FCB68C275E9
                                                                                                                                                                                                                                                                        SHA-256:3DC9EA4350E99E6216DA0840C53ED8CCCA39BA7DF7A4146B47AFFCAB128A4432
                                                                                                                                                                                                                                                                        SHA-512:044FDECCB4A46EDF37BBEF8E6CBB36AC586A2AA505B34F71977A2E404FFF088A60FF8277D0251B23C7F5D090A337B4CB5AF1FEA1A638B408EEC6F334BC416AD8
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 64 kbps, 44.1 kHz, Stereo
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):54895
                                                                                                                                                                                                                                                                        Entropy (8bit):7.768231173906507
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:TEzw27ZEqFXUUj2CGLHfwa8OMerCYvLKtO0iEaF:TEzw27LFXXqBHfwa8OsZC
                                                                                                                                                                                                                                                                        MD5:C07B2CE2256D4DDE62F92CB684E23C02
                                                                                                                                                                                                                                                                        SHA1:1D1A234A9C1BDE7DC32867BEB8197A4BD8C6802B
                                                                                                                                                                                                                                                                        SHA-256:3F7948BFADE1F6A4F744580FB825330FB85668CD645CD6EE9F5915742584E932
                                                                                                                                                                                                                                                                        SHA-512:E0DEE259BCCF78D8EA64A2C0B7136FE5BC749564E9574DAD496AEEC6BC0DEF460A1CB2D5E63DA7CB62E6A2C31D497A8FF355305C58AA4A4BF9F9EE0C07636273
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):417184
                                                                                                                                                                                                                                                                        Entropy (8bit):6.7644491521368
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:CLM9vziuDEVmqU2Im5/P1OhGKexP+gVuQ:lLiuDEV15/tVP+ouQ
                                                                                                                                                                                                                                                                        MD5:C5B870CE07DA5206D8A81E139920B7DC
                                                                                                                                                                                                                                                                        SHA1:F868450ED5F886F084C00345C75143C65FD9338E
                                                                                                                                                                                                                                                                        SHA-256:EB26B38A604CF98B95A39FD249C0771E351061A9894D22284CDFE984E8FC7A6C
                                                                                                                                                                                                                                                                        SHA-512:7DFB3E9940EC0D14B42C77483F71274701C46483E65EE57A0853A31F688CC5C3D0C0AF2050229BA196D9BEFF9813F259E3F92EEC9D8352CC0E416FEB4EB1A6BE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1551
                                                                                                                                                                                                                                                                        Entropy (8bit):5.315181220757938
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:Z4mZHEKQU5rJeoOIqGSAARYqdVpPaKQ673pD56aLFs6cG4YUXC/ArOdt2qFjQ02y:h5DO/GsnxHsnG7U0ArytNjQMf8W
                                                                                                                                                                                                                                                                        MD5:9F6258B7C0FAFDE9B1D0ED44FFEA7070
                                                                                                                                                                                                                                                                        SHA1:FDBF716E6FD03BB3D2671F854A997EA46EFAE26F
                                                                                                                                                                                                                                                                        SHA-256:D020D9CF2563F8B6021593FA604E9CFBE54BCB8B7361CCDBC220E543A6995045
                                                                                                                                                                                                                                                                        SHA-512:DD00A5F40CAA128CCAED782E6ABA697DBD24CA194F051EF1FA542B3ACAAA618E08C822ECEC45EAC4A37FB29C889DC4DF5BB99CA6F328F010C4F4931D88A3EE7B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:....#ifdef _WINDOWS..#include <Windows.h>..#else..#include "macport.h"....#define ReadFile ReadFilePipeWrapper..#define WriteFile WriteFilePipeWrapper..#endif....#include "Pipe.h"....//superclass to make pipe handling easier to work with....Pipe::Pipe(void)..{...pipehandle=0;...InitializeCriticalSection(&cs);..}....Pipe::~Pipe(void)..{...//check if someone forgot to clean it up...if ((pipehandle!=0) && (pipehandle!=INVALID_HANDLE_VALUE))...{..#ifdef _WINDOWS....CloseHandle(pipehandle);..#else.. ClosePipe(pipehandle);..#endif....pipehandle=0;...}..... ..}....void Pipe::Lock(void)..{...EnterCriticalSection(&cs);..}....void Pipe::Unlock(void)..{...LeaveCriticalSection(&cs);..}....void Pipe::Read(PVOID buf, unsigned int count)..{...DWORD br;...if (count==0) return;...if (ReadFile(pipehandle, buf, count, &br, NULL)==FALSE)....throw("Read Error");..}....void Pipe::Write(PVOID buf, unsigned int count)..{...DWORD bw;...if (count==0) return;...if (WriteFile(pipehandle, buf, count, &bw
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):507
                                                                                                                                                                                                                                                                        Entropy (8bit):5.260462788158599
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:lb1HAq75T1m1une2Vevm7vmp3jmuWjs5rCTLz:lVBYUwmTmp3jmuWjsaz
                                                                                                                                                                                                                                                                        MD5:956C9C67FE3FA489547C1767AFB50EC4
                                                                                                                                                                                                                                                                        SHA1:BC76C3E7DF811B582EE153C43B986C8ED107E72A
                                                                                                                                                                                                                                                                        SHA-256:65DF81AA1A72667285733FF7515632D7C003B2C21B37D623FC3F6663738137C0
                                                                                                                                                                                                                                                                        SHA-512:3FD906CB79B534FC63336005A605EE092FB8B028AD660882C3324F72D794CB1198C13FC23390B1FA1E0E895C1963F293B3411EC4599D67A5B8B8FDFD77840200
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#pragma once....#ifndef _WINDOWS..#include "macport.h"..#endif....class Pipe..{..private:.. CRITICAL_SECTION cs;..protected:...HANDLE pipehandle;..public:...void Read(PVOID buf, unsigned int count);...void Write(PVOID buf, unsigned int count);...BYTE ReadByte();...WORD ReadWord();...DWORD ReadDword();...UINT64 ReadQword();...void WriteByte(BYTE b);...void WriteWord(WORD b);...void WriteDword(DWORD b);...void WriteQword(UINT64 b);.....void Lock();...void Unlock();.....Pipe(void);...~Pipe(void);..};..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1551
                                                                                                                                                                                                                                                                        Entropy (8bit):5.315181220757938
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:Z4mZHEKQU5rJeoOIqGSAARYqdVpPaKQ673pD56aLFs6cG4YUXC/ArOdt2qFjQ02y:h5DO/GsnxHsnG7U0ArytNjQMf8W
                                                                                                                                                                                                                                                                        MD5:9F6258B7C0FAFDE9B1D0ED44FFEA7070
                                                                                                                                                                                                                                                                        SHA1:FDBF716E6FD03BB3D2671F854A997EA46EFAE26F
                                                                                                                                                                                                                                                                        SHA-256:D020D9CF2563F8B6021593FA604E9CFBE54BCB8B7361CCDBC220E543A6995045
                                                                                                                                                                                                                                                                        SHA-512:DD00A5F40CAA128CCAED782E6ABA697DBD24CA194F051EF1FA542B3ACAAA618E08C822ECEC45EAC4A37FB29C889DC4DF5BB99CA6F328F010C4F4931D88A3EE7B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:....#ifdef _WINDOWS..#include <Windows.h>..#else..#include "macport.h"....#define ReadFile ReadFilePipeWrapper..#define WriteFile WriteFilePipeWrapper..#endif....#include "Pipe.h"....//superclass to make pipe handling easier to work with....Pipe::Pipe(void)..{...pipehandle=0;...InitializeCriticalSection(&cs);..}....Pipe::~Pipe(void)..{...//check if someone forgot to clean it up...if ((pipehandle!=0) && (pipehandle!=INVALID_HANDLE_VALUE))...{..#ifdef _WINDOWS....CloseHandle(pipehandle);..#else.. ClosePipe(pipehandle);..#endif....pipehandle=0;...}..... ..}....void Pipe::Lock(void)..{...EnterCriticalSection(&cs);..}....void Pipe::Unlock(void)..{...LeaveCriticalSection(&cs);..}....void Pipe::Read(PVOID buf, unsigned int count)..{...DWORD br;...if (count==0) return;...if (ReadFile(pipehandle, buf, count, &br, NULL)==FALSE)....throw("Read Error");..}....void Pipe::Write(PVOID buf, unsigned int count)..{...DWORD bw;...if (count==0) return;...if (WriteFile(pipehandle, buf, count, &bw
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):507
                                                                                                                                                                                                                                                                        Entropy (8bit):5.260462788158599
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:lb1HAq75T1m1une2Vevm7vmp3jmuWjs5rCTLz:lVBYUwmTmp3jmuWjsaz
                                                                                                                                                                                                                                                                        MD5:956C9C67FE3FA489547C1767AFB50EC4
                                                                                                                                                                                                                                                                        SHA1:BC76C3E7DF811B582EE153C43B986C8ED107E72A
                                                                                                                                                                                                                                                                        SHA-256:65DF81AA1A72667285733FF7515632D7C003B2C21B37D623FC3F6663738137C0
                                                                                                                                                                                                                                                                        SHA-512:3FD906CB79B534FC63336005A605EE092FB8B028AD660882C3324F72D794CB1198C13FC23390B1FA1E0E895C1963F293B3411EC4599D67A5B8B8FDFD77840200
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#pragma once....#ifndef _WINDOWS..#include "macport.h"..#endif....class Pipe..{..private:.. CRITICAL_SECTION cs;..protected:...HANDLE pipehandle;..public:...void Read(PVOID buf, unsigned int count);...void Write(PVOID buf, unsigned int count);...BYTE ReadByte();...WORD ReadWord();...DWORD ReadDword();...UINT64 ReadQword();...void WriteByte(BYTE b);...void WriteWord(WORD b);...void WriteDword(DWORD b);...void WriteQword(UINT64 b);.....void Lock();...void Unlock();.....Pipe(void);...~Pipe(void);..};..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1241
                                                                                                                                                                                                                                                                        Entropy (8bit):5.56652814239152
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:pPE7K71jtSk8H5IkT6GkTxkBZkm2kp6ckt8Ik/Tkk88W:pPAe1jtTeYQtYZ
                                                                                                                                                                                                                                                                        MD5:D602509D20C721D185D08DDFAB72EFD8
                                                                                                                                                                                                                                                                        SHA1:A7006EDA0FC346223377188F4941B39BE925E355
                                                                                                                                                                                                                                                                        SHA-256:F51DCDB8A36F5784994125E8F3451EA91A710FC844751319E839B448802E7A13
                                                                                                                                                                                                                                                                        SHA-512:02D79C2A4C1A175C38E35E08465B4C915FF2F185A10208F36C31B707AAE4E38BDB8E0F04F6DEE231622973ACBE12AD3A0B76EDFFBB69979337833C7E94A36108
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:...Microsoft Visual Studio Solution File, Format Version 10.00..# Visual Studio 2008..Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "CEJVMTI", "CEJVMTI\CEJVMTI.vcproj", "{3C30A633-6797-4D59-936F-9A2A8CE79B25}"..EndProject..Global...GlobalSection(SolutionConfigurationPlatforms) = preSolution....Debug|Win32 = Debug|Win32....Debug|x64 = Debug|x64....Release|Win32 = Release|Win32....Release|x64 = Release|x64...EndGlobalSection...GlobalSection(ProjectConfigurationPlatforms) = postSolution....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Debug|Win32.ActiveCfg = Debug|Win32....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Debug|Win32.Build.0 = Debug|Win32....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Debug|x64.ActiveCfg = Debug|x64....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Debug|x64.Build.0 = Debug|x64....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Release|Win32.ActiveCfg = Release|Win32....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Release|Win32.Build.0 = Release|Win32....{3C30A633-6797-4D59-936F-9A2A8CE79B25}
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4789
                                                                                                                                                                                                                                                                        Entropy (8bit):5.316244410627971
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:7VupFugSq0HelONyzkBB9SFMJt9Knqk1Nd4Gl5CRTjwn67xahZ9X7s1uvQ8zVYWO:UFupqXdkEFWsnqUNd4GX/6GFo2Y
                                                                                                                                                                                                                                                                        MD5:021AA48BED78C67E3A7969BE8BC0BB5B
                                                                                                                                                                                                                                                                        SHA1:CCA95A2D7D82ED610245D3AE88DD19C339C402AC
                                                                                                                                                                                                                                                                        SHA-256:C9EF523D9ABCAC32BC86CC5E316C03749B64EC4BCE0343289C05E9366639696D
                                                                                                                                                                                                                                                                        SHA-512:D3E10547D368D50863CC781E1831C5FA6264FAA9CC64AF6114E7F4E21D361849BBEE0784F0D653BC824079E43BDD8AE8D02B5574520497B07E0022CBAAEF3C32
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:// CEJVMTI.cpp : Defines the exported functions for the DLL application...//....#include "stdafx.h"..#include "CEJVMTI.h"..#include "JavaServer.h"..#include "JavaEventServer.h"....void JNICALL AgentThread(jvmtiEnv* jvmti_env, JNIEnv* jni_env, void* arg)..{...CJavaServer *s=new CJavaServer(jvmti_env, jni_env);.....s->Start();.....delete s;...OutputDebugStringA("Still alive");....}........jvmtiIterationControl JNICALL initialHeapIterate(jlong class_tag, jlong size, jlong* tag_ptr, void* user_data)..{...//OutputDebugStringA("Tagging object\n");...*tag_ptr=1;...return JVMTI_ITERATION_CONTINUE;..}....int LaunchServer(jvmtiEnv *env, JNIEnv *jni)..{...jclass threadclass=jni->FindClass("java/lang/Thread");...if (threadclass==0)...{....OutputDebugStringA("jni->FindClass(\"java/lang/Thread\") failure");....return 0;...}.....jmethodID threadinit=jni->GetMethodID(threadclass, "<init>", "()V");...if (threadinit==0)...{....OutputDebugStringA("jni->GetMethodID failure");....return 0;...}..........//e
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):836
                                                                                                                                                                                                                                                                        Entropy (8bit):5.079968529942336
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:CwCaxHbe4JGywvVwOPGkTAIbDNzHOqMfsqM98DU+V6E:vxHbe4kywBGkTAIfNzHOqMUqM98wc6E
                                                                                                                                                                                                                                                                        MD5:20AF26E2AB559DDC6CA1929834DA003E
                                                                                                                                                                                                                                                                        SHA1:7AE93554FBCEC9851F68F16A2EAED9C3F299CE5F
                                                                                                                                                                                                                                                                        SHA-256:18C5FB7CB71EB7B2D1835CE44B24E09213AA885C1407E4E2401FBD2D74970D8E
                                                                                                                                                                                                                                                                        SHA-512:B9FF67E715E0489D761424266EDA7049F40FE38E0EE4F595B1D4B43E6E9F829074827DC4EBBF9FF368BE02A90A9343117930C88ED5FBB8E3D8EEBDA43A857D90
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:// The following ifdef block is the standard way of creating macros which make exporting ..// from a DLL simpler. All files within this DLL are compiled with the CEJVMTI_EXPORTS..// symbol defined on the command line. this symbol should not be defined on any project..// that uses this DLL. This way any other project whose source files include this file see ..// CEJVMTI_API functions as being imported from a DLL, whereas this DLL sees symbols..// defined with this macro as being exported...#ifdef CEJVMTI_EXPORTS..#define CEJVMTI_API __declspec(dllexport)..#else..#define CEJVMTI_API __declspec(dllimport)..#endif....// This class is exported from the CEJVMTI.dll..class CEJVMTI_API CCEJVMTI {..public:...CCEJVMTI(void);...// TODO: add your methods here...};....extern CEJVMTI_API int nCEJVMTI;....CEJVMTI_API int fnCEJVMTI(void);..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):10039
                                                                                                                                                                                                                                                                        Entropy (8bit):5.118940053099404
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:VnzWGB2Afbh77fByk+f8bi4n4w4RciFnFwFRyIF:RWGdfbhfB+f8bi4n4w4RciFnFwFRFF
                                                                                                                                                                                                                                                                        MD5:9EE34D72F0C9E158FCEBB31CD8878D6C
                                                                                                                                                                                                                                                                        SHA1:3F06D5E6E886961AF80FA823E2D52CE5CD0B84D8
                                                                                                                                                                                                                                                                        SHA-256:CAFE34E86117A15C4E0B40F12BCBB79CB6EF8F0AB8ED10DEF567357AB11637CD
                                                                                                                                                                                                                                                                        SHA-512:FB41AF029142289DE950BA7BC1512A586E9C9E2414F46BB755936637978D40ECA5D8E671369BE61ACD38E841BCD11C264E2DE55FBC087E91B4A7529FFE91A55B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="Windows-1252"?>..<VisualStudioProject...ProjectType="Visual C++"...Version="9.00"...Name="CEJVMTI"...ProjectGUID="{3C30A633-6797-4D59-936F-9A2A8CE79B25}"...RootNamespace="CEJVMTI"...Keyword="Win32Proj"...TargetFrameworkVersion="196613"...>...<Platforms>....<Platform.....Name="Win32"..../>....<Platform.....Name="x64"..../>...</Platforms>...<ToolFiles>...</ToolFiles>...<Configurations>....<Configuration.....Name="Debug|Win32".....OutputDirectory="..\..\..\bin\autorun\dlls".....IntermediateDirectory="$(ConfigurationName)".....ConfigurationType="2".....CharacterSet="1".....>.....<Tool......Name="VCPreBuildEventTool"...../>.....<Tool......Name="VCCustomBuildTool"...../>.....<Tool......Name="VCXMLDataGeneratorTool"...../>.....<Tool......Name="VCWebServiceProxyGeneratorTool"...../>.....<Tool......Name="VCMIDLTool"...../>.....<Tool......Name="VCCLCompilerTool"......Optimization="0"......AdditionalIncludeDirectories="E:\source\openjdk\jdk\src\share\javavm\export;E:
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9131
                                                                                                                                                                                                                                                                        Entropy (8bit):5.432032141224608
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:reWH42e/J83LkXasXVHMFyWH9MWUnsUeTxtbPYN9:C42RA4VL/RV
                                                                                                                                                                                                                                                                        MD5:59529578CDE1AE578ABCAAA331AA4FBA
                                                                                                                                                                                                                                                                        SHA1:33AB98509ED784580A259D1B310827C50B842F50
                                                                                                                                                                                                                                                                        SHA-256:E3795C3B94C84491A368C78FCBC4076BFADCA038AFE74DA2FA7FAB7415945658
                                                                                                                                                                                                                                                                        SHA-512:ACBD3884642E466D29FBE6D6A7337CCBAEC55147EA735098F9E463C6875B52B255480745847C3EFABCBAC72F9B72DD45CF259880A8D4700AFB68C3C07AC747BE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#include "StdAfx.h"..#include "JavaEventServer.h"......CJavaEventServer *old_eventserver=NULL;..CJavaEventServer *eventserver=NULL;....jvmtiEventCallbacks callbacks;......void JNICALL MethodLoad(jvmtiEnv *jvmti_env, jmethodID method, jint code_size, const void* code_addr, jint map_length, ..........const jvmtiAddrLocationMap* map, const void* compile_info)..{...if (eventserver)....eventserver->MethodLoad(jvmti_env, method, code_size, code_addr);....}....void JNICALL MethodUnload(jvmtiEnv *jvmti_env, jmethodID method, const void* code_addr)..{...if (eventserver)....eventserver->MethodUnload(jvmti_env, method, code_addr);..}....void JNICALL DynamicCodeGenerated(jvmtiEnv *jvmti_env, const char* name, const void* address, jint length)..{...if (eventserver)....eventserver->DynamicCodeGenerated(jvmti_env, name, address,length);..}....void JNICALL FieldModification(jvmtiEnv *jvmti_env, JNIEnv* jni_env, jthread thread, jmethodID method, jlocation location, jclass field_klass, jobject object, j
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1440
                                                                                                                                                                                                                                                                        Entropy (8bit):5.2417448709416385
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:l+LADzcCjadu1txScPArZXOuAR5qLtmWltXUC/sf4ADSt9:Ra2Sco9XOuAaplUC/sfy
                                                                                                                                                                                                                                                                        MD5:94DE75F30ECA367499F6C3CA7905048C
                                                                                                                                                                                                                                                                        SHA1:26B550FAC776E0647ECEB2B246086D07DBB1F12B
                                                                                                                                                                                                                                                                        SHA-256:289AF20BDC7D004491E224531CE0C267D251AEF5EBAD5F3FED1AF750679F26C9
                                                                                                                                                                                                                                                                        SHA-512:4A822471535DCEA02B5DD73CDE60C3965910F5187E0D7E1F1691E0483921DEE6C2B13E9BC3D1EC952186BCCAD6D05E79266C77BBF8060329C71715D3DA9B4496
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#pragma once..#include "pipe.h"....//pipe for transmitting java events like method load/free....#define EVENTCMD_METHODLOAD 0..#define EVENTCMD_METHODUNLOAD 1..#define EVENTCMD_DYNAMICCODEGENERATED 2..#define EVENTCMD_FIELDMODIFICATION 3..#define EVENTCMD_TERMINATED 255....using namespace std;....typedef struct..{...jfieldID fieldid;...jclass klass;...jobject object;..} FindWhatWritesEntry, *PFindWhatWritesEntry;....class CJavaEventServer :...public Pipe..{..private:...wchar_t pipename[256];...jvmtiEnv *jvmti_env;...vector<PFindWhatWritesEntry> FindWhatWritesList;....public:...CJavaEventServer(jvmtiEnv *jvmti_env);...~CJavaEventServer(void);.....void MethodLoad(jvmtiEnv *jvmti_env, jmethodID method, jint code_size, const void* code_addr);...void MethodUnload(jvmtiEnv *jvmti_env, jmethodID method, const void* code_addr);...void DynamicCodeGenerated(jvmtiEnv *jvmti_env, const char* name, const void* address, jint length);...void FieldModification(jvmtiEnv *jvmti_env, JNIEnv* jni_env, jth
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):42621
                                                                                                                                                                                                                                                                        Entropy (8bit):5.318768758669348
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:Qw5oITw/RTdMaf2lBpn/Z2jc/AKJlXCR5A6Qw/iNufJiTTvMm5ETln6H:V1TwU7BJRCZQw/iNuBiTTvMvl6H
                                                                                                                                                                                                                                                                        MD5:AFABA48AD9AFA999503CCAAC45DF0710
                                                                                                                                                                                                                                                                        SHA1:45FEF1F5289CB3FD353F43EFD13ECE034803C9CD
                                                                                                                                                                                                                                                                        SHA-256:E02208CA6EBED1999D9761CC865CE98EABA28966DC32F40B5789733E52783BF9
                                                                                                                                                                                                                                                                        SHA-512:66B995A75C6F90177BCE4DCC93783B1409D20B8FF1C318B79B8DD7C8FE6A1DEE2F0AB906F30C5390D1C7B043D4E99717BF6FBC267318932D066721294C663552
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#include "StdAfx.h"..#include "JavaServer.h"....using namespace std;....int serverid=0;..int tagcount=0;....CJavaServer::CJavaServer(jvmtiEnv* jvmti_env, JNIEnv* jni_env)..{...//create a named pipe...jvmtiCapabilities cap;.......this->jni=jni_env;...this->jvmti=jvmti_env;.......jvmti->GetCapabilities(&cap);.....if (serverid==0)....swprintf(pipename, 256,L"\\\\.\\pipe\\cejavadc_pid%d", GetCurrentProcessId());...else....swprintf(pipename, 256,L"\\\\.\\pipe\\cejavadc_pid%d_%d", GetCurrentProcessId(),serverid);.......serverid++;..}....void CJavaServer::CreatePipeandWaitForconnect(void)..{....if ((pipehandle) && (pipehandle!=INVALID_HANDLE_VALUE))...{....CloseHandle(pipehandle);....pipehandle=0;...}.....pipehandle=CreateNamedPipe(pipename, PIPE_ACCESS_DUPLEX, PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT, 1,256*1024, 16, INFINITE, NULL);...ConnectNamedPipe(pipehandle, NULL);..}....CJavaServer::~CJavaServer(void)..{....}....void CJavaServer::StartCodeCallbacks(void)..{...if (old_eventserve
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2957
                                                                                                                                                                                                                                                                        Entropy (8bit):5.440878996694979
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:ayZG0XyeJljj2/1lXdYTpCvLYsdiLYQFtbfmtTZzlLj:FG0XyeJp41ld8CTYFYQFF0
                                                                                                                                                                                                                                                                        MD5:8A6C5C03E9FEF26236D765C96CA20085
                                                                                                                                                                                                                                                                        SHA1:01C3F3D91B2EB573E0C92BB7B2F656A42A31FB1D
                                                                                                                                                                                                                                                                        SHA-256:962F6BA49567FD76AD41C87A10763249C320294A5C971B089E935B864E824AD3
                                                                                                                                                                                                                                                                        SHA-512:031FA1505CC5345144247B25A6791A265EFCD05ECEDAB5421215DFD6F30F64E6677EA5B23DF2BCE0118DC865C5C3AA67B704338BE9693663B8C1E26CF27A19C0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#pragma once....#include "JavaEventServer.h"....#define JAVACMD_STARTCODECALLBACKS 0..#define JAVACMD_STOPCODECALLBACKS 1..#define JAVACMD_GETLOADEDCLASSES 2..#define JAVACMD_DEREFERENCELOCALOBJECT 3..#define JAVACMD_GETCLASSMETHODS 4..#define JAVACMD_GETCLASSFIELDS 5..#define JAVACMD_GETIMPLEMENTEDINTERFACES 6..#define JAVAVMD_FINDREFERENCESTOOBJECT 7..#define JAVACMD_FINDJOBJECT 8..#define JAVACMD_GETCLASSSIGNATURE 9..#define JAVACMD_GETSUPERCLASS 10..#define JAVACMD_GETOBJECTCLASS 11..#define JAVACMD_GETCLASSDATA 12..#define JAVACMD_REDEFINECLASS 13..#define JAVACMD_FINDCLASS 14..#define JAVACMD_GETCAPABILITIES 15..#define JAVACMD_GETMETHODNAME 16..#define JAVACMD_INVOKEMETHOD 17..#define JAVACMD_FINDCLASSOBJECTS 18..#define JAVACMD_ADDTOBOOTSTRAPCLASSLOADERPATH 19..#define JAVACMD_ADDTOSYSTEMCLASSLOADERPATH 20..#define JAVACMD_PUSHLOCALFRAME 21..#define JAVACMD_POPLOCALFRAME 22..#define JAVACMD_GETFIELDDECLARINGCLASS 23..#define JAVACMD_GETFIELDSIGNATURE 24..#define JAVACMD_GETFIEL
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):410
                                                                                                                                                                                                                                                                        Entropy (8bit):5.041995140928715
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:j/ltWmmylAoQw/UkKTQRWDKSRROaAOaWZKSR7Mjoa:rWy7VU9aWGM3wWQMcoa
                                                                                                                                                                                                                                                                        MD5:66EFA1B79D7AEF68DFA369074ABC9CAA
                                                                                                                                                                                                                                                                        SHA1:67C347B1F2F8712B0CABB60E7E111CA1B3171F38
                                                                                                                                                                                                                                                                        SHA-256:542E67D6247001859B6BB38C2AA085F5446371EB2F2385546E12D0BF275DE503
                                                                                                                                                                                                                                                                        SHA-512:09DFBE5F7D95BBA3D4B9107C872F8690F6A714888B3146CA3E1468E41588D872EEE68AE8C4CC96B85B73B6F96F450C1D20496D9401BC94932D6F357EE42A225E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:// dllmain.cpp : Defines the entry point for the DLL application...#include "stdafx.h"....BOOL APIENTRY DllMain( HMODULE hModule,.. DWORD ul_reason_for_call,.. LPVOID lpReserved....... )..{...switch (ul_reason_for_call)...{...case DLL_PROCESS_ATTACH:...case DLL_THREAD_ATTACH:...case DLL_THREAD_DETACH:...case DLL_PROCESS_DETACH:....break;...}...return TRUE;..}....
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):42621
                                                                                                                                                                                                                                                                        Entropy (8bit):5.318768758669348
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:Qw5oITw/RTdMaf2lBpn/Z2jc/AKJlXCR5A6Qw/iNufJiTTvMm5ETln6H:V1TwU7BJRCZQw/iNuBiTTvMvl6H
                                                                                                                                                                                                                                                                        MD5:AFABA48AD9AFA999503CCAAC45DF0710
                                                                                                                                                                                                                                                                        SHA1:45FEF1F5289CB3FD353F43EFD13ECE034803C9CD
                                                                                                                                                                                                                                                                        SHA-256:E02208CA6EBED1999D9761CC865CE98EABA28966DC32F40B5789733E52783BF9
                                                                                                                                                                                                                                                                        SHA-512:66B995A75C6F90177BCE4DCC93783B1409D20B8FF1C318B79B8DD7C8FE6A1DEE2F0AB906F30C5390D1C7B043D4E99717BF6FBC267318932D066721294C663552
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#include "StdAfx.h"..#include "JavaServer.h"....using namespace std;....int serverid=0;..int tagcount=0;....CJavaServer::CJavaServer(jvmtiEnv* jvmti_env, JNIEnv* jni_env)..{...//create a named pipe...jvmtiCapabilities cap;.......this->jni=jni_env;...this->jvmti=jvmti_env;.......jvmti->GetCapabilities(&cap);.....if (serverid==0)....swprintf(pipename, 256,L"\\\\.\\pipe\\cejavadc_pid%d", GetCurrentProcessId());...else....swprintf(pipename, 256,L"\\\\.\\pipe\\cejavadc_pid%d_%d", GetCurrentProcessId(),serverid);.......serverid++;..}....void CJavaServer::CreatePipeandWaitForconnect(void)..{....if ((pipehandle) && (pipehandle!=INVALID_HANDLE_VALUE))...{....CloseHandle(pipehandle);....pipehandle=0;...}.....pipehandle=CreateNamedPipe(pipename, PIPE_ACCESS_DUPLEX, PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT, 1,256*1024, 16, INFINITE, NULL);...ConnectNamedPipe(pipehandle, NULL);..}....CJavaServer::~CJavaServer(void)..{....}....void CJavaServer::StartCodeCallbacks(void)..{...if (old_eventserve
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):294
                                                                                                                                                                                                                                                                        Entropy (8bit):4.740307510696171
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:// stdafx.cpp : source file that includes just the standard includes..// CEJVMTI.pch will be the pre-compiled header..// stdafx.obj will contain the pre-compiled type information....#include "stdafx.h"....// TODO: reference any additional headers you need in STDAFX.H..// and not in this file..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2957
                                                                                                                                                                                                                                                                        Entropy (8bit):5.440878996694979
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#pragma once....#include "JavaEventServer.h"....#define JAVACMD_STARTCODECALLBACKS 0..#define JAVACMD_STOPCODECALLBACKS 1..#define JAVACMD_GETLOADEDCLASSES 2..#define JAVACMD_DEREFERENCELOCALOBJECT 3..#define JAVACMD_GETCLASSMETHODS 4..#define JAVACMD_GETCLASSFIELDS 5..#define JAVACMD_GETIMPLEMENTEDINTERFACES 6..#define JAVAVMD_FINDREFERENCESTOOBJECT 7..#define JAVACMD_FINDJOBJECT 8..#define JAVACMD_GETCLASSSIGNATURE 9..#define JAVACMD_GETSUPERCLASS 10..#define JAVACMD_GETOBJECTCLASS 11..#define JAVACMD_GETCLASSDATA 12..#define JAVACMD_REDEFINECLASS 13..#define JAVACMD_FINDCLASS 14..#define JAVACMD_GETCAPABILITIES 15..#define JAVACMD_GETMETHODNAME 16..#define JAVACMD_INVOKEMETHOD 17..#define JAVACMD_FINDCLASSOBJECTS 18..#define JAVACMD_ADDTOBOOTSTRAPCLASSLOADERPATH 19..#define JAVACMD_ADDTOSYSTEMCLASSLOADERPATH 20..#define JAVACMD_PUSHLOCALFRAME 21..#define JAVACMD_POPLOCALFRAME 22..#define JAVACMD_GETFIELDDECLARINGCLASS 23..#define JAVACMD_GETFIELDSIGNATURE 24..#define JAVACMD_GETFIEL
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):10039
                                                                                                                                                                                                                                                                        Entropy (8bit):5.118940053099404
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="Windows-1252"?>..<VisualStudioProject...ProjectType="Visual C++"...Version="9.00"...Name="CEJVMTI"...ProjectGUID="{3C30A633-6797-4D59-936F-9A2A8CE79B25}"...RootNamespace="CEJVMTI"...Keyword="Win32Proj"...TargetFrameworkVersion="196613"...>...<Platforms>....<Platform.....Name="Win32"..../>....<Platform.....Name="x64"..../>...</Platforms>...<ToolFiles>...</ToolFiles>...<Configurations>....<Configuration.....Name="Debug|Win32".....OutputDirectory="..\..\..\bin\autorun\dlls".....IntermediateDirectory="$(ConfigurationName)".....ConfigurationType="2".....CharacterSet="1".....>.....<Tool......Name="VCPreBuildEventTool"...../>.....<Tool......Name="VCCustomBuildTool"...../>.....<Tool......Name="VCXMLDataGeneratorTool"...../>.....<Tool......Name="VCWebServiceProxyGeneratorTool"...../>.....<Tool......Name="VCMIDLTool"...../>.....<Tool......Name="VCCLCompilerTool"......Optimization="0"......AdditionalIncludeDirectories="E:\source\openjdk\jdk\src\share\javavm\export;E:
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):410
                                                                                                                                                                                                                                                                        Entropy (8bit):5.041995140928715
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:// dllmain.cpp : Defines the entry point for the DLL application...#include "stdafx.h"....BOOL APIENTRY DllMain( HMODULE hModule,.. DWORD ul_reason_for_call,.. LPVOID lpReserved....... )..{...switch (ul_reason_for_call)...{...case DLL_PROCESS_ATTACH:...case DLL_THREAD_ATTACH:...case DLL_THREAD_DETACH:...case DLL_PROCESS_DETACH:....break;...}...return TRUE;..}....
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4789
                                                                                                                                                                                                                                                                        Entropy (8bit):5.316244410627971
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:// CEJVMTI.cpp : Defines the exported functions for the DLL application...//....#include "stdafx.h"..#include "CEJVMTI.h"..#include "JavaServer.h"..#include "JavaEventServer.h"....void JNICALL AgentThread(jvmtiEnv* jvmti_env, JNIEnv* jni_env, void* arg)..{...CJavaServer *s=new CJavaServer(jvmti_env, jni_env);.....s->Start();.....delete s;...OutputDebugStringA("Still alive");....}........jvmtiIterationControl JNICALL initialHeapIterate(jlong class_tag, jlong size, jlong* tag_ptr, void* user_data)..{...//OutputDebugStringA("Tagging object\n");...*tag_ptr=1;...return JVMTI_ITERATION_CONTINUE;..}....int LaunchServer(jvmtiEnv *env, JNIEnv *jni)..{...jclass threadclass=jni->FindClass("java/lang/Thread");...if (threadclass==0)...{....OutputDebugStringA("jni->FindClass(\"java/lang/Thread\") failure");....return 0;...}.....jmethodID threadinit=jni->GetMethodID(threadclass, "<init>", "()V");...if (threadinit==0)...{....OutputDebugStringA("jni->GetMethodID failure");....return 0;...}..........//e
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1440
                                                                                                                                                                                                                                                                        Entropy (8bit):5.2417448709416385
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#pragma once..#include "pipe.h"....//pipe for transmitting java events like method load/free....#define EVENTCMD_METHODLOAD 0..#define EVENTCMD_METHODUNLOAD 1..#define EVENTCMD_DYNAMICCODEGENERATED 2..#define EVENTCMD_FIELDMODIFICATION 3..#define EVENTCMD_TERMINATED 255....using namespace std;....typedef struct..{...jfieldID fieldid;...jclass klass;...jobject object;..} FindWhatWritesEntry, *PFindWhatWritesEntry;....class CJavaEventServer :...public Pipe..{..private:...wchar_t pipename[256];...jvmtiEnv *jvmti_env;...vector<PFindWhatWritesEntry> FindWhatWritesList;....public:...CJavaEventServer(jvmtiEnv *jvmti_env);...~CJavaEventServer(void);.....void MethodLoad(jvmtiEnv *jvmti_env, jmethodID method, jint code_size, const void* code_addr);...void MethodUnload(jvmtiEnv *jvmti_env, jmethodID method, const void* code_addr);...void DynamicCodeGenerated(jvmtiEnv *jvmti_env, const char* name, const void* address, jint length);...void FieldModification(jvmtiEnv *jvmti_env, JNIEnv* jni_env, jth
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):542
                                                                                                                                                                                                                                                                        Entropy (8bit):4.851662037036262
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:// stdafx.h : include file for standard system include files,..// or project specific include files that are used frequently, but..// are changed infrequently..//....#pragma once....#include "targetver.h"....#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers..// Windows Header Files:..#include <windows.h>..#include <jvmti.h>..#include <classfile_constants.h>..#include <pipe.h>..#include <map>..#include <list>..#include <vector>......// TODO: reference additional headers your program requires here..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1428
                                                                                                                                                                                                                                                                        Entropy (8bit):4.639223269334076
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:l6u3qiYCydaR3mGlNMPfKge6KgeLTK1u2Pui:n39YdMmG/MPfKge6KgeLTK1/Gi
                                                                                                                                                                                                                                                                        MD5:33F3A8E602AC6644AF839ACB3CA10709
                                                                                                                                                                                                                                                                        SHA1:0F76681306EBBE5063DA4C93919104D3E0134046
                                                                                                                                                                                                                                                                        SHA-256:0CE7BD4B75FCF8800FAFFD3B0A315CBFE7B89271B8705E9216404AF4D737D0BB
                                                                                                                                                                                                                                                                        SHA-512:81898FCF08C2EA7817479852771E11A67D766FBA25B4FC7A77D23C993C4274D1C7C66953951051D2952D1B52630A1BA5C5268D7E67C1B9C696CA5EF427E5EC0D
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#pragma once....// The following macros define the minimum required platform. The minimum required platform..// is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run ..// your application. The macros work by enabling all features available on platform versions up to and ..// including the version specified.....// Modify the following defines if you have to target a platform prior to the ones specified below...// Refer to MSDN for the latest info on corresponding values for different platforms...#ifndef WINVER // Specifies that the minimum required platform is Windows Vista...#define WINVER 0x0600 // Change this to the appropriate value to target other versions of Windows...#endif....#ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista...#define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows...#endif....#ifndef
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9131
                                                                                                                                                                                                                                                                        Entropy (8bit):5.432032141224608
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:reWH42e/J83LkXasXVHMFyWH9MWUnsUeTxtbPYN9:C42RA4VL/RV
                                                                                                                                                                                                                                                                        MD5:59529578CDE1AE578ABCAAA331AA4FBA
                                                                                                                                                                                                                                                                        SHA1:33AB98509ED784580A259D1B310827C50B842F50
                                                                                                                                                                                                                                                                        SHA-256:E3795C3B94C84491A368C78FCBC4076BFADCA038AFE74DA2FA7FAB7415945658
                                                                                                                                                                                                                                                                        SHA-512:ACBD3884642E466D29FBE6D6A7337CCBAEC55147EA735098F9E463C6875B52B255480745847C3EFABCBAC72F9B72DD45CF259880A8D4700AFB68C3C07AC747BE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#include "StdAfx.h"..#include "JavaEventServer.h"......CJavaEventServer *old_eventserver=NULL;..CJavaEventServer *eventserver=NULL;....jvmtiEventCallbacks callbacks;......void JNICALL MethodLoad(jvmtiEnv *jvmti_env, jmethodID method, jint code_size, const void* code_addr, jint map_length, ..........const jvmtiAddrLocationMap* map, const void* compile_info)..{...if (eventserver)....eventserver->MethodLoad(jvmti_env, method, code_size, code_addr);....}....void JNICALL MethodUnload(jvmtiEnv *jvmti_env, jmethodID method, const void* code_addr)..{...if (eventserver)....eventserver->MethodUnload(jvmti_env, method, code_addr);..}....void JNICALL DynamicCodeGenerated(jvmtiEnv *jvmti_env, const char* name, const void* address, jint length)..{...if (eventserver)....eventserver->DynamicCodeGenerated(jvmti_env, name, address,length);..}....void JNICALL FieldModification(jvmtiEnv *jvmti_env, JNIEnv* jni_env, jthread thread, jmethodID method, jlocation location, jclass field_klass, jobject object, j
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):836
                                                                                                                                                                                                                                                                        Entropy (8bit):5.079968529942336
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:CwCaxHbe4JGywvVwOPGkTAIbDNzHOqMfsqM98DU+V6E:vxHbe4kywBGkTAIfNzHOqMUqM98wc6E
                                                                                                                                                                                                                                                                        MD5:20AF26E2AB559DDC6CA1929834DA003E
                                                                                                                                                                                                                                                                        SHA1:7AE93554FBCEC9851F68F16A2EAED9C3F299CE5F
                                                                                                                                                                                                                                                                        SHA-256:18C5FB7CB71EB7B2D1835CE44B24E09213AA885C1407E4E2401FBD2D74970D8E
                                                                                                                                                                                                                                                                        SHA-512:B9FF67E715E0489D761424266EDA7049F40FE38E0EE4F595B1D4B43E6E9F829074827DC4EBBF9FF368BE02A90A9343117930C88ED5FBB8E3D8EEBDA43A857D90
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:// The following ifdef block is the standard way of creating macros which make exporting ..// from a DLL simpler. All files within this DLL are compiled with the CEJVMTI_EXPORTS..// symbol defined on the command line. this symbol should not be defined on any project..// that uses this DLL. This way any other project whose source files include this file see ..// CEJVMTI_API functions as being imported from a DLL, whereas this DLL sees symbols..// defined with this macro as being exported...#ifdef CEJVMTI_EXPORTS..#define CEJVMTI_API __declspec(dllexport)..#else..#define CEJVMTI_API __declspec(dllimport)..#endif....// This class is exported from the CEJVMTI.dll..class CEJVMTI_API CCEJVMTI {..public:...CCEJVMTI(void);...// TODO: add your methods here...};....extern CEJVMTI_API int nCEJVMTI;....CEJVMTI_API int fnCEJVMTI(void);..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):294
                                                                                                                                                                                                                                                                        Entropy (8bit):4.740307510696171
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:jGmyXH+5AMRNT15eAbyRFm+yll+5FdllZ+sMKcaGIA0RQbyyeGgLxLELpcxLglON:jGXXHJYx5fCE+yi5JlZ+4cWAoQB6mpcV
                                                                                                                                                                                                                                                                        MD5:2B573B5A4D6EC77A3138EC43A1B260C9
                                                                                                                                                                                                                                                                        SHA1:2A210A2645A2B8155CA8740211D6B366BA0D293D
                                                                                                                                                                                                                                                                        SHA-256:4CFBA14A6F738DD17BE066C3A8F595B84C0C33C1774C83736987B9EE8C0DF16B
                                                                                                                                                                                                                                                                        SHA-512:A04185BF7DA42D22F0AE01C55EFB7AA5FE0C5924820DF3AF2439B06E472131FB5659577B970834C08FBCA610A10EF41909B412B94B65BB5C8465047697647FDE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:// stdafx.cpp : source file that includes just the standard includes..// CEJVMTI.pch will be the pre-compiled header..// stdafx.obj will contain the pre-compiled type information....#include "stdafx.h"....// TODO: reference any additional headers you need in STDAFX.H..// and not in this file..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1241
                                                                                                                                                                                                                                                                        Entropy (8bit):5.56652814239152
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:pPE7K71jtSk8H5IkT6GkTxkBZkm2kp6ckt8Ik/Tkk88W:pPAe1jtTeYQtYZ
                                                                                                                                                                                                                                                                        MD5:D602509D20C721D185D08DDFAB72EFD8
                                                                                                                                                                                                                                                                        SHA1:A7006EDA0FC346223377188F4941B39BE925E355
                                                                                                                                                                                                                                                                        SHA-256:F51DCDB8A36F5784994125E8F3451EA91A710FC844751319E839B448802E7A13
                                                                                                                                                                                                                                                                        SHA-512:02D79C2A4C1A175C38E35E08465B4C915FF2F185A10208F36C31B707AAE4E38BDB8E0F04F6DEE231622973ACBE12AD3A0B76EDFFBB69979337833C7E94A36108
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:...Microsoft Visual Studio Solution File, Format Version 10.00..# Visual Studio 2008..Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "CEJVMTI", "CEJVMTI\CEJVMTI.vcproj", "{3C30A633-6797-4D59-936F-9A2A8CE79B25}"..EndProject..Global...GlobalSection(SolutionConfigurationPlatforms) = preSolution....Debug|Win32 = Debug|Win32....Debug|x64 = Debug|x64....Release|Win32 = Release|Win32....Release|x64 = Release|x64...EndGlobalSection...GlobalSection(ProjectConfigurationPlatforms) = postSolution....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Debug|Win32.ActiveCfg = Debug|Win32....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Debug|Win32.Build.0 = Debug|Win32....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Debug|x64.ActiveCfg = Debug|x64....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Debug|x64.Build.0 = Debug|x64....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Release|Win32.ActiveCfg = Release|Win32....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Release|Win32.Build.0 = Release|Win32....{3C30A633-6797-4D59-936F-9A2A8CE79B25}
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1351
                                                                                                                                                                                                                                                                        Entropy (8bit):5.483553389434968
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:pPEkpnjkaUdex0H5p6DK/C868u8o2/b88W:pPTnjY6eqp8bo2/IZ
                                                                                                                                                                                                                                                                        MD5:9A2A2CADE7D370C563896D2C6F07D1C2
                                                                                                                                                                                                                                                                        SHA1:E01491AE49454E194C3B4DE2AE668AFEF27B3F3E
                                                                                                                                                                                                                                                                        SHA-256:287EE21B22308A8B979EB259417503D5B1542BBBF0859EE9344C085DE7866495
                                                                                                                                                                                                                                                                        SHA-512:CB9337B576030AF522180F16D8B52B36A9CC8099DB19A17D18CE92559C191CA4B61F27BBDA051E895A7E9455033BAB3C52FD057FA52F138F735DCC485F46B546
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:...Microsoft Visual Studio Solution File, Format Version 12.00..# Visual Studio 2013..VisualStudioVersion = 12.0.30723.0..MinimumVisualStudioVersion = 10.0.40219.1..Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MonoDataCollector", "MonoDataCollector\MonoDataCollector.vcxproj", "{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}"..EndProject..Global...GlobalSection(SolutionConfigurationPlatforms) = preSolution....Debug|Win32 = Debug|Win32....Debug|x64 = Debug|x64....Release|Win32 = Release|Win32....Release|x64 = Release|x64...EndGlobalSection...GlobalSection(ProjectConfigurationPlatforms) = postSolution....{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}.Debug|Win32.ActiveCfg = Debug|Win32....{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}.Debug|Win32.Build.0 = Debug|Win32....{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}.Debug|x64.ActiveCfg = Debug|x64....{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}.Debug|x64.Build.0 = Debug|x64....{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}.Release|Win32.ActiveCfg = Release|Win32....{941726A
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4749
                                                                                                                                                                                                                                                                        Entropy (8bit):5.050824950813426
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:iDz9qCj948ryMvEsMXoQ/O04a0smj9Mn/jMi/Y3SfsdIrmjFFZpmb/RmAdnEm1pd:g5p1O33Bk+QF9jeh9pBdPpFN
                                                                                                                                                                                                                                                                        MD5:1E571535D8459B8A3FCBA0C9E4871FA4
                                                                                                                                                                                                                                                                        SHA1:1C0F2CED9985BA808A648C9D95D7DB5076082985
                                                                                                                                                                                                                                                                        SHA-256:E66368085DB41EF91395CC1212A970117376B5B535E97F291FD71B2277BA9619
                                                                                                                                                                                                                                                                        SHA-512:3369613A4BDE6B49C73AD70E8DF2EBE7BD1C05FD0D7CBC5E87C5F1F3408FA36F8D7A40C19B097E541A649D7C0F30EE9FDB46B677E926A7A862FA2B794FDC9A80
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview://original source: blob.h in the mono sourcecode....../*.. * Encoding for type signatures used in the Metadata.. */..typedef enum {...MONO_TYPE_END = 0x00, /* End of List */...MONO_TYPE_VOID = 0x01,...MONO_TYPE_BOOLEAN = 0x02,...MONO_TYPE_CHAR = 0x03,...MONO_TYPE_I1 = 0x04,...MONO_TYPE_U1 = 0x05,...MONO_TYPE_I2 = 0x06,...MONO_TYPE_U2 = 0x07,...MONO_TYPE_I4 = 0x08,...MONO_TYPE_U4 = 0x09,...MONO_TYPE_I8 = 0x0a,...MONO_TYPE_U8 = 0x0b,...MONO_TYPE_R4 = 0x0c,...MONO_TYPE_R8 = 0x0d,...MONO_TYPE_STRING = 0x0e,...MONO_TYPE_PTR = 0x0f, /* arg: <type> token */...MONO_TYPE_BYREF = 0x10, /* arg: <type> token */...MONO_TYPE_VALUETYPE = 0x11, /* arg: <type> token */...MONO_TYPE_CLASS = 0x12, /* arg: <type> token */...MONO_TYPE_VAR. = 0x13,. /* number */...MONO_TYPE_ARRAY = 0x14, /* type, rank, boundsCount, bound1, loCount, lo1 */..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3498
                                                                                                                                                                                                                                                                        Entropy (8bit):5.386752810495523
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:ycfIokZotRYYftF1//JlB/R+reZhIxL3HmVZirMiKH8gEIsrdGXCYIr/J+Nn35t1:tAokZotRYYftF1//JlB/R+qZhIxL3Hm1
                                                                                                                                                                                                                                                                        MD5:35C7C5B4162098879D86CA2D5D7403E7
                                                                                                                                                                                                                                                                        SHA1:BDB921B2A10398DE218F33EDD4028E2B247F8592
                                                                                                                                                                                                                                                                        SHA-256:6F971E6E28F95B72775FA0D85922F58FC6BB5B68B34DB72C9D2F69E9374CA09C
                                                                                                                                                                                                                                                                        SHA-512:70C259E5C01D1EAD0694ADEBAC7639998A2EA3ECB52961B22F74C113669CCD50F80E884EF30D8DEB02028736A06B71F82F3A80EE20121613F8F3049C4D8D2655
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#ifdef _WINDOWS..#include "stdafx.h"..#elif __linux__..#include "linuxport.h"..#else..#include "macport.h"..#endif....#include "PipeServer.h"........HANDLE DataCollectorThread;..HANDLE SuicideThread;..HINSTANCE g_hInstance;....typedef enum _THREADINFOCLASS {.. ThreadBasicInformation,.. ThreadTimes,.. ThreadPriority,.. ThreadBasePriority,.. ThreadAffinityMask,.. ThreadImpersonationToken,.. ThreadDescriptorTableEntry,.. ThreadEnableAlignmentFaultFixup,.. ThreadEventPair_Reusable,.. ThreadQuerySetWin32StartAddress,.. ThreadZeroTlsCell,.. ThreadPerformanceCount,.. ThreadAmILastThread,.. ThreadIdealProcessor,.. ThreadPriorityBoost,.. ThreadSetTlsArrayAddress, // Obsolete.. ThreadIsIoPending,.. ThreadHideFromDebugger,.. ThreadBreakOnTermination,.. ThreadSwitchLegacyState,.. ThreadIsTerminated,.. ThreadLastSystemCall,.. ThreadIoPriority,.. ThreadCycleTime,.. ThreadPagePriority,.. ThreadActualBasePriority,.. Thr
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):361
                                                                                                                                                                                                                                                                        Entropy (8bit):5.139139694869984
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:2+bxmgVJAl3JmgRF80JRiCIqj/uFSJAQaP5a0Tj/5vpL5a0iTVDzz4jLxwLDPVMy:lbxVJAl5XRF1JTfJAQQQIxvpLQ/PSNw/
                                                                                                                                                                                                                                                                        MD5:A9DA212C35E442501960243A47A7C4DA
                                                                                                                                                                                                                                                                        SHA1:DA608C4AA6EEF1755F29366EA40BF826F07FFEB3
                                                                                                                                                                                                                                                                        SHA-256:23042548A0B202F76F0B66332844D796FC20C4FB4937D92299156E503ABC3F1D
                                                                                                                                                                                                                                                                        SHA-512:8A6C5A941C051C52C9DF9B151B354F3C82ED4E8041D000CD6DC2869A99C16064F753A9B6391F15A0A51CDB3CC9972FA0D3F3F191BA813BA00FD6A185D042BD76
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#pragma once....extern HANDLE DataCollectorThread;..extern HANDLE SuicideThread;..extern HINSTANCE g_hInstance;..DWORD WINAPI DataCollectorEntry(LPVOID lpThreadParameter);..DWORD WINAPI SuicideCheck(LPVOID lpThreadParameter);....#ifdef __APPLE__..void MacPortEntryPoint(void *param);..#endif....#ifdef __linux__..void LinuxPortEntryPoint(void *param);..#endif..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):5600
                                                                                                                                                                                                                                                                        Entropy (8bit):5.094870445203132
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:drlz+71S6oa5zNq5+NtoottAipiwpHipfwp56q3bI4:Zp+skNca8i4whiFwyqb
                                                                                                                                                                                                                                                                        MD5:005A2F50AB3176D92010BE6DDF941655
                                                                                                                                                                                                                                                                        SHA1:9978E4C49D43172F8855A4748168345F2CA5BFF5
                                                                                                                                                                                                                                                                        SHA-256:A73AE1CBF54A722CE9433DA14D0600AFD504B09F5F681ED4BE9C9F5EF0E16A38
                                                                                                                                                                                                                                                                        SHA-512:8EC75F7B33F5C97853B63675621430A4C3975E8D6737A546D5983917E2C5FF17D4B6517FBA9D74F0F7C61CF4111F101B1231A97556A09908EC3B5EDF843859F2
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="Windows-1252"?>..<VisualStudioProject...ProjectType="Visual C++"...Version="9.00"...Name="MonoDataCollector"...ProjectGUID="{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}"...RootNamespace="MonoDataCollector"...Keyword="Win32Proj"...TargetFrameworkVersion="196613"...>...<Platforms>....<Platform.....Name="Win32"..../>...</Platforms>...<ToolFiles>...</ToolFiles>...<Configurations>....<Configuration.....Name="Debug|Win32".....OutputDirectory="..\..\bin\autorun\dlls".....IntermediateDirectory="$(ConfigurationName)".....ConfigurationType="2".....CharacterSet="1".....>.....<Tool......Name="VCPreBuildEventTool"...../>.....<Tool......Name="VCCustomBuildTool"...../>.....<Tool......Name="VCXMLDataGeneratorTool"...../>.....<Tool......Name="VCWebServiceProxyGeneratorTool"...../>.....<Tool......Name="VCMIDLTool"...../>.....<Tool......Name="VCCLCompilerTool"......Optimization="0"......AdditionalIncludeDirectories="..\..\Common"......PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):71747
                                                                                                                                                                                                                                                                        Entropy (8bit):5.443198228857467
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#ifdef _WINDOWS..#include "StdAfx.h"..#endif....#ifdef __APPLE__..#include "macport.h"..#endif....#include <setjmp.h>..#ifdef __linux__..#include <signal.h>..#include <sys/types.h>..#include <string.h>..#include <unistd.h>..#include <sys/syscall.h>....#if __GLIBC__ == 2 && __GLIBC_MINOR__ < 30..#define gettid() syscall(SYS_gettid)..#endif....#endif //linux........#include <signal.h>..#include <sys/types.h>....#include "PipeServer.h"........BOOL ExpectingAccessViolations = FALSE;....#ifdef _WINDOWS..#pragma warning( disable : 4101)..HANDLE MDC_ServerPipe = 0;..DWORD ExpectingAccessViolationsThread = 0;..#else..uint64_t ExpectingAccessViolationsThread = 0;..#endif....typedef uint64_t QWORD;......jmp_buf onError;....void ErrorThrow(void)..{...longjmp(onError, 1);..}......#ifdef _WINDOWS......int looper = 0;..LONG NTAPI ErrorFilter(struct _EXCEPTION_POINTERS *ExceptionInfo)..{...if ((ExpectingAccessViolations) && (GetCurrentThreadId() == ExpectingAccessViolationsThread) && (ExceptionInfo->
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):17047
                                                                                                                                                                                                                                                                        Entropy (8bit):5.4217354569721214
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#pragma once....#include <Pipe.h>..#ifndef _WINDOWS..#include "Metadata.h"..#endif...... //yyyymmdd..#define MONO_DATACOLLECTORVERSION 20221207 ....#define MONOCMD_INITMONO 0..#define MONOCMD_OBJECT_GETCLASS 1..#define MONOCMD_ENUMDOMAINS 2..#define MONOCMD_SETCURRENTDOMAIN 3..#define MONOCMD_ENUMASSEMBLIES 4..#define MONOCMD_GETIMAGEFROMASSEMBLY 5..#define MONOCMD_GETIMAGENAME 6..#define MONOCMD_ENUMCLASSESINIMAGE 7..#define MONOCMD_ENUMFIELDSINCLASS 8..#define MONOCMD_ENUMMETHODSINCLASS 9..#define MONOCMD_COMPILEMETHOD 10....#define MONOCMD_GETMETHODHEADER 11..#define MONOCMD_GETMETHODHEADER_CODE 12..#define MONOCMD_LOOKUPRVA 13..#define MONOCMD_GETJITINFO 14..#define MONOCMD_FINDCLASS 15..#define MONOCMD_FINDMETHOD 16..#define MONOCMD_GETMETHODNAME 17..#define MONOCMD_GETMETHODCLASS 18..#define MONOCMD_GETCLASSNAME 19..#define MONOCMD_GETCLASSNAMESPACE 20..#define MONOCMD_FREEMETHOD 21..#define MONOCMD_TERMINATE 22..#define MONOCMD_DISASSEMBLE 23..#def
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):682
                                                                                                                                                                                                                                                                        Entropy (8bit):5.267391865519074
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:// dllmain.cpp : Defines the entry point for the DLL application...#include "stdafx.h"......BOOL APIENTRY DllMain( HMODULE hModule,.. DWORD ul_reason_for_call,.. LPVOID lpReserved....... )..{...OutputDebugStringA("MDC: DllMain");...switch (ul_reason_for_call)...{...case DLL_PROCESS_ATTACH:....//OutputDebugStringA("DllMain entry");....g_hInstance=hModule;....DataCollectorThread=CreateThread(NULL, 0, DataCollectorEntry, NULL, 0, NULL);....SuicideThread=0;//CreateThread(NULL, 0, SuicideCheck, NULL, 0, NULL);....break;.....case DLL_THREAD_ATTACH:...case DLL_THREAD_DETACH:...case DLL_PROCESS_DETACH:....break;...}...return TRUE;..}....
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1428
                                                                                                                                                                                                                                                                        Entropy (8bit):4.639223269334076
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#pragma once....// The following macros define the minimum required platform. The minimum required platform..// is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run ..// your application. The macros work by enabling all features available on platform versions up to and ..// including the version specified.....// Modify the following defines if you have to target a platform prior to the ones specified below...// Refer to MSDN for the latest info on corresponding values for different platforms...#ifndef WINVER // Specifies that the minimum required platform is Windows Vista...#define WINVER 0x0600 // Change this to the appropriate value to target other versions of Windows...#endif....#ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista...#define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows...#endif....#ifndef
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):361
                                                                                                                                                                                                                                                                        Entropy (8bit):5.139139694869984
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#pragma once....extern HANDLE DataCollectorThread;..extern HANDLE SuicideThread;..extern HINSTANCE g_hInstance;..DWORD WINAPI DataCollectorEntry(LPVOID lpThreadParameter);..DWORD WINAPI SuicideCheck(LPVOID lpThreadParameter);....#ifdef __APPLE__..void MacPortEntryPoint(void *param);..#endif....#ifdef __linux__..void LinuxPortEntryPoint(void *param);..#endif..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):5600
                                                                                                                                                                                                                                                                        Entropy (8bit):5.094870445203132
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="Windows-1252"?>..<VisualStudioProject...ProjectType="Visual C++"...Version="9.00"...Name="MonoDataCollector"...ProjectGUID="{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}"...RootNamespace="MonoDataCollector"...Keyword="Win32Proj"...TargetFrameworkVersion="196613"...>...<Platforms>....<Platform.....Name="Win32"..../>...</Platforms>...<ToolFiles>...</ToolFiles>...<Configurations>....<Configuration.....Name="Debug|Win32".....OutputDirectory="..\..\bin\autorun\dlls".....IntermediateDirectory="$(ConfigurationName)".....ConfigurationType="2".....CharacterSet="1".....>.....<Tool......Name="VCPreBuildEventTool"...../>.....<Tool......Name="VCCustomBuildTool"...../>.....<Tool......Name="VCXMLDataGeneratorTool"...../>.....<Tool......Name="VCWebServiceProxyGeneratorTool"...../>.....<Tool......Name="VCMIDLTool"...../>.....<Tool......Name="VCCLCompilerTool"......Optimization="0"......AdditionalIncludeDirectories="..\..\Common"......PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4749
                                                                                                                                                                                                                                                                        Entropy (8bit):5.050824950813426
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:iDz9qCj948ryMvEsMXoQ/O04a0smj9Mn/jMi/Y3SfsdIrmjFFZpmb/RmAdnEm1pd:g5p1O33Bk+QF9jeh9pBdPpFN
                                                                                                                                                                                                                                                                        MD5:1E571535D8459B8A3FCBA0C9E4871FA4
                                                                                                                                                                                                                                                                        SHA1:1C0F2CED9985BA808A648C9D95D7DB5076082985
                                                                                                                                                                                                                                                                        SHA-256:E66368085DB41EF91395CC1212A970117376B5B535E97F291FD71B2277BA9619
                                                                                                                                                                                                                                                                        SHA-512:3369613A4BDE6B49C73AD70E8DF2EBE7BD1C05FD0D7CBC5E87C5F1F3408FA36F8D7A40C19B097E541A649D7C0F30EE9FDB46B677E926A7A862FA2B794FDC9A80
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview://original source: blob.h in the mono sourcecode....../*.. * Encoding for type signatures used in the Metadata.. */..typedef enum {...MONO_TYPE_END = 0x00, /* End of List */...MONO_TYPE_VOID = 0x01,...MONO_TYPE_BOOLEAN = 0x02,...MONO_TYPE_CHAR = 0x03,...MONO_TYPE_I1 = 0x04,...MONO_TYPE_U1 = 0x05,...MONO_TYPE_I2 = 0x06,...MONO_TYPE_U2 = 0x07,...MONO_TYPE_I4 = 0x08,...MONO_TYPE_U4 = 0x09,...MONO_TYPE_I8 = 0x0a,...MONO_TYPE_U8 = 0x0b,...MONO_TYPE_R4 = 0x0c,...MONO_TYPE_R8 = 0x0d,...MONO_TYPE_STRING = 0x0e,...MONO_TYPE_PTR = 0x0f, /* arg: <type> token */...MONO_TYPE_BYREF = 0x10, /* arg: <type> token */...MONO_TYPE_VALUETYPE = 0x11, /* arg: <type> token */...MONO_TYPE_CLASS = 0x12, /* arg: <type> token */...MONO_TYPE_VAR. = 0x13,. /* number */...MONO_TYPE_ARRAY = 0x14, /* type, rank, boundsCount, bound1, loCount, lo1 */..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):304
                                                                                                                                                                                                                                                                        Entropy (8bit):4.661406565301994
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:jGmyXH+5AMRNT15eAaiErJAhQFm+yll+5FdllZ+sMKcaGIA0RQbyyeGgLxLELpcV:jGXXHJYx5fanrJAKE+yi5JlZ+4cWAoQI
                                                                                                                                                                                                                                                                        MD5:520DEFE1897C77FCE677BE903979DCA0
                                                                                                                                                                                                                                                                        SHA1:0EB32160624E8E3B72DF97E440EFCB211A09595C
                                                                                                                                                                                                                                                                        SHA-256:71E91D8847E8A4E4A757E441B7D785EDDDA95D55FF674E5054D0FDF781773361
                                                                                                                                                                                                                                                                        SHA-512:337D2893FB92760955D04E788E753B95C835A085929ED4144654899F9A54B96E84A7682A3C7885AA24F98E53FD5B2A2AC03D3F261CD3725F7D15E4422A2942A0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:// stdafx.cpp : source file that includes just the standard includes..// MonoDataCollector.pch will be the pre-compiled header..// stdafx.obj will contain the pre-compiled type information....#include "stdafx.h"....// TODO: reference any additional headers you need in STDAFX.H..// and not in this file..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):17047
                                                                                                                                                                                                                                                                        Entropy (8bit):5.4217354569721214
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:cBl0g5ShHzjEs2eI4Nw6YolkVXWNcN5qHyVGwuY0aUO+HXL:cBl1Y0j67lkVXWNcNiywbb
                                                                                                                                                                                                                                                                        MD5:359419B5EAD252EE248BE37873672D8E
                                                                                                                                                                                                                                                                        SHA1:0E18258FFC1E29A9E53824A8F86383E1BC2FC603
                                                                                                                                                                                                                                                                        SHA-256:FA4715152CC91D2F6C5C170FADDA74961A2CB12809F560AA37A34F7C185C76F0
                                                                                                                                                                                                                                                                        SHA-512:0F757B21B356676FE376D99F64189D86795FD6E9DB411B661A517E1B20172D7183129CC8762DB7E19DD83C826AFD57B6C35AFDCBAEC05C2AF83C6496F7C4D2D6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#pragma once....#include <Pipe.h>..#ifndef _WINDOWS..#include "Metadata.h"..#endif...... //yyyymmdd..#define MONO_DATACOLLECTORVERSION 20221207 ....#define MONOCMD_INITMONO 0..#define MONOCMD_OBJECT_GETCLASS 1..#define MONOCMD_ENUMDOMAINS 2..#define MONOCMD_SETCURRENTDOMAIN 3..#define MONOCMD_ENUMASSEMBLIES 4..#define MONOCMD_GETIMAGEFROMASSEMBLY 5..#define MONOCMD_GETIMAGENAME 6..#define MONOCMD_ENUMCLASSESINIMAGE 7..#define MONOCMD_ENUMFIELDSINCLASS 8..#define MONOCMD_ENUMMETHODSINCLASS 9..#define MONOCMD_COMPILEMETHOD 10....#define MONOCMD_GETMETHODHEADER 11..#define MONOCMD_GETMETHODHEADER_CODE 12..#define MONOCMD_LOOKUPRVA 13..#define MONOCMD_GETJITINFO 14..#define MONOCMD_FINDCLASS 15..#define MONOCMD_FINDMETHOD 16..#define MONOCMD_GETMETHODNAME 17..#define MONOCMD_GETMETHODCLASS 18..#define MONOCMD_GETCLASSNAME 19..#define MONOCMD_GETCLASSNAMESPACE 20..#define MONOCMD_FREEMETHOD 21..#define MONOCMD_TERMINATE 22..#define MONOCMD_DISASSEMBLE 23..#def
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3498
                                                                                                                                                                                                                                                                        Entropy (8bit):5.386752810495523
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:ycfIokZotRYYftF1//JlB/R+reZhIxL3HmVZirMiKH8gEIsrdGXCYIr/J+Nn35t1:tAokZotRYYftF1//JlB/R+qZhIxL3Hm1
                                                                                                                                                                                                                                                                        MD5:35C7C5B4162098879D86CA2D5D7403E7
                                                                                                                                                                                                                                                                        SHA1:BDB921B2A10398DE218F33EDD4028E2B247F8592
                                                                                                                                                                                                                                                                        SHA-256:6F971E6E28F95B72775FA0D85922F58FC6BB5B68B34DB72C9D2F69E9374CA09C
                                                                                                                                                                                                                                                                        SHA-512:70C259E5C01D1EAD0694ADEBAC7639998A2EA3ECB52961B22F74C113669CCD50F80E884EF30D8DEB02028736A06B71F82F3A80EE20121613F8F3049C4D8D2655
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#ifdef _WINDOWS..#include "stdafx.h"..#elif __linux__..#include "linuxport.h"..#else..#include "macport.h"..#endif....#include "PipeServer.h"........HANDLE DataCollectorThread;..HANDLE SuicideThread;..HINSTANCE g_hInstance;....typedef enum _THREADINFOCLASS {.. ThreadBasicInformation,.. ThreadTimes,.. ThreadPriority,.. ThreadBasePriority,.. ThreadAffinityMask,.. ThreadImpersonationToken,.. ThreadDescriptorTableEntry,.. ThreadEnableAlignmentFaultFixup,.. ThreadEventPair_Reusable,.. ThreadQuerySetWin32StartAddress,.. ThreadZeroTlsCell,.. ThreadPerformanceCount,.. ThreadAmILastThread,.. ThreadIdealProcessor,.. ThreadPriorityBoost,.. ThreadSetTlsArrayAddress, // Obsolete.. ThreadIsIoPending,.. ThreadHideFromDebugger,.. ThreadBreakOnTermination,.. ThreadSwitchLegacyState,.. ThreadIsTerminated,.. ThreadLastSystemCall,.. ThreadIoPriority,.. ThreadCycleTime,.. ThreadPagePriority,.. ThreadActualBasePriority,.. Thr
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):71747
                                                                                                                                                                                                                                                                        Entropy (8bit):5.443198228857467
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:23vsKL5IB9DGdvGgFmk2N8VBFFlIsc8bOJObk:20Kq8VBFNc85k
                                                                                                                                                                                                                                                                        MD5:6E26B821A5660C3FB1414DBBA46636BF
                                                                                                                                                                                                                                                                        SHA1:E5AFF92AABB4C902CA2CE617DD2546956648C462
                                                                                                                                                                                                                                                                        SHA-256:F125B75EE7CAC4F30B9C399B6A371B62A3960E4DB11A64F8937E469B9C2BDD40
                                                                                                                                                                                                                                                                        SHA-512:647514B0E0537F3018DB7F500FDA81801AB68E02F663892E4D3A3A9A71CBD303A356371C227BBAC3154E883AEFEDDEC699CF40C99B2096E6F993B8B857C2A316
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#ifdef _WINDOWS..#include "StdAfx.h"..#endif....#ifdef __APPLE__..#include "macport.h"..#endif....#include <setjmp.h>..#ifdef __linux__..#include <signal.h>..#include <sys/types.h>..#include <string.h>..#include <unistd.h>..#include <sys/syscall.h>....#if __GLIBC__ == 2 && __GLIBC_MINOR__ < 30..#define gettid() syscall(SYS_gettid)..#endif....#endif //linux........#include <signal.h>..#include <sys/types.h>....#include "PipeServer.h"........BOOL ExpectingAccessViolations = FALSE;....#ifdef _WINDOWS..#pragma warning( disable : 4101)..HANDLE MDC_ServerPipe = 0;..DWORD ExpectingAccessViolationsThread = 0;..#else..uint64_t ExpectingAccessViolationsThread = 0;..#endif....typedef uint64_t QWORD;......jmp_buf onError;....void ErrorThrow(void)..{...longjmp(onError, 1);..}......#ifdef _WINDOWS......int looper = 0;..LONG NTAPI ErrorFilter(struct _EXCEPTION_POINTERS *ExceptionInfo)..{...if ((ExpectingAccessViolations) && (GetCurrentThreadId() == ExpectingAccessViolationsThread) && (ExceptionInfo->
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):682
                                                                                                                                                                                                                                                                        Entropy (8bit):5.267391865519074
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:j/ltWmmylAoQ3/UkKTzuKTRWDKSRWMqIJCJAlosePSJAQnxPs5rF43oLOaAOaWZW:rWy7sU9zu6WGMKIAXsCStxPs5rF43olG
                                                                                                                                                                                                                                                                        MD5:4A220BB5A39A19E5E63123E8BA31FAF9
                                                                                                                                                                                                                                                                        SHA1:3E6667ED6E85E021FD9091C8EB2FDCA3C2DDEF41
                                                                                                                                                                                                                                                                        SHA-256:01F9B1931FDC3D8CB1B82D759A182AE617AF8986846A2B6F23092F78A39C8AD7
                                                                                                                                                                                                                                                                        SHA-512:734FD1ACEEE62A86A56DFC94E6E6FF264AE924AADFDC47EAC405E252FE3965633992D192CFAC6068AD7F2CAA170B594A0839D09ECE60976A27A363F69C1E1A5D
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:// dllmain.cpp : Defines the entry point for the DLL application...#include "stdafx.h"......BOOL APIENTRY DllMain( HMODULE hModule,.. DWORD ul_reason_for_call,.. LPVOID lpReserved....... )..{...OutputDebugStringA("MDC: DllMain");...switch (ul_reason_for_call)...{...case DLL_PROCESS_ATTACH:....//OutputDebugStringA("DllMain entry");....g_hInstance=hModule;....DataCollectorThread=CreateThread(NULL, 0, DataCollectorEntry, NULL, 0, NULL);....SuicideThread=0;//CreateThread(NULL, 0, SuicideCheck, NULL, 0, NULL);....break;.....case DLL_THREAD_ATTACH:...case DLL_THREAD_DETACH:...case DLL_PROCESS_DETACH:....break;...}...return TRUE;..}....
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):304
                                                                                                                                                                                                                                                                        Entropy (8bit):4.661406565301994
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:// stdafx.cpp : source file that includes just the standard includes..// MonoDataCollector.pch will be the pre-compiled header..// stdafx.obj will contain the pre-compiled type information....#include "stdafx.h"....// TODO: reference any additional headers you need in STDAFX.H..// and not in this file..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1428
                                                                                                                                                                                                                                                                        Entropy (8bit):4.639223269334076
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#pragma once....// The following macros define the minimum required platform. The minimum required platform..// is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run ..// your application. The macros work by enabling all features available on platform versions up to and ..// including the version specified.....// Modify the following defines if you have to target a platform prior to the ones specified below...// Refer to MSDN for the latest info on corresponding values for different platforms...#ifndef WINVER // Specifies that the minimum required platform is Windows Vista...#define WINVER 0x0600 // Change this to the appropriate value to target other versions of Windows...#endif....#ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista...#define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows...#endif....#ifndef
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1351
                                                                                                                                                                                                                                                                        Entropy (8bit):5.483553389434968
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:...Microsoft Visual Studio Solution File, Format Version 12.00..# Visual Studio 2013..VisualStudioVersion = 12.0.30723.0..MinimumVisualStudioVersion = 10.0.40219.1..Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MonoDataCollector", "MonoDataCollector\MonoDataCollector.vcxproj", "{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}"..EndProject..Global...GlobalSection(SolutionConfigurationPlatforms) = preSolution....Debug|Win32 = Debug|Win32....Debug|x64 = Debug|x64....Release|Win32 = Release|Win32....Release|x64 = Release|x64...EndGlobalSection...GlobalSection(ProjectConfigurationPlatforms) = postSolution....{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}.Debug|Win32.ActiveCfg = Debug|Win32....{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}.Debug|Win32.Build.0 = Debug|Win32....{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}.Debug|x64.ActiveCfg = Debug|x64....{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}.Debug|x64.Build.0 = Debug|x64....{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}.Release|Win32.ActiveCfg = Release|Win32....{941726A
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (338), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):84022
                                                                                                                                                                                                                                                                        Entropy (8bit):4.86677649912196
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--dotnetinfo is a passive .net query tool, but it can go to a active state if needed....if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'dotnetinfo.po')..end....if getOperatingSystem()==0 then.. pathsep=[[\]]..else.. pathsep='/'..end....debugInstanceLookup=false....local DPIMultiplier=(getScreenDPI()/96)..local CONTROL_MONO=0..local CONTROL_DOTNET=1....DataSource={} --All collected data about the current process. From domains, to images, to classes, to fields and methods. Saves on queries and multiple windows can use it..local CurrentProcess....local ELEMENT_TYPE_END = 0x00 -- End of List..local ELEMENT_TYPE_VOID = 0x01..local ELEMENT_TYPE_BOOLEAN = 0x02..local ELEMENT_TYPE_CHAR = 0x03..local ELEMENT_TYPE_I1 = 0x04..local ELEMENT_TYPE_U1 = 0x05..local ELEMENT_TYPE_I2 = 0x06..local ELEMENT_TYPE_U2 = 0x07..local ELEMENT_TYPE_I4 = 0x08..local ELEMENT_TYPE_U4 = 0x09..local ELEMENT_TYPE_I8
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):7984
                                                                                                                                                                                                                                                                        Entropy (8bit):4.628436564346363
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--patches a dotnet method. Prerequisite: Must not be inlined or generic, or anything complex....function ParseScriptTokens(script,values).. --parses the script for <> entries and looks up the value in the values table.. if script==nil then .. print(debug.traceback()).. error('ParseScriptTokens: script is nil') .. end.. if values==nil then .. print(debug.traceback()).. error('ParseScriptTokens: values is nil') .. end.. .. return string.gsub(script,"<(.-)>",function(v) .. local r=values[v].. if r then return r else return x end.. end)..end....function dotnetpatch_getAllReferences().. --gets a list of all assemblies.. --todo: if they are in-memory only, export them to a file first (create the mz/pe manually, just the metadata).. local r={}.. local sysfile.... if monopipe then.. mono_enumImages(function(img).. local n=mono_image_get_filename(img).. local ln=extractFileName(n:lower()).. if ln~='mscorlib.dll' and ln~='netstandard.dll' then..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):15160
                                                                                                                                                                                                                                                                        Entropy (8bit):4.132367012227535
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--dotnetsearch..if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'dotnetsearch.po')..end....function spawnDotNetSearchDialog(DataSource, frmDotNetInfo, searchtype).... local currentScan --rule: only writable in mainthread.. local searchresults={}.. .. .. --spawns a searchdialog. searchtype has 3 options: 0-ClassName, 1-FieldName, 2-MethodName.. local frmSearch=createFormFromFile(getAutorunPath()..'forms'..pathsep..'DotNetSearch.frm') .. .. _G.frmSearch=frmSearch.. .. if searchtype==0 then.. frmSearch.Caption=translate('Find Class') .. frmSearch.cbLimitToCurrentBase.Caption=translate('Limit to current image').. .. frmSearch.cbLimitToCurrentBase.Enabled=frmDotNetInfo.lbImages.ItemIndex>=0 .. frmSearch.lvResults.Columns.delete(2).. elseif searchtype==1 then.. frmSearch.Caption=translate('Find Field') .. frmSearch.cbLimitToCurrentBase.Caption=translate('Limit to current class').. frmSearch.cbLimitToCurrentBase.Enabled=f
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):285
                                                                                                                                                                                                                                                                        Entropy (8bit):5.052893474705733
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--Alice says hi!....local t=createTimer()..t.Interval=110000..t.OnTimer=function().. local f=getForm(0).. f.Width=f.Width+2.. f.Height=f.Height+2.... if t.Interval>10000 then.. t.Interval=t.Interval-10000.. end.... createMemoryStream().Size=math.random(65536*4,65536*32);..end
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (1926), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1993
                                                                                                                                                                                                                                                                        Entropy (8bit):6.43677382842252
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:cmQhOHjryH7ijmpX5ewpjITkwEd0b+huow2zaj5pq:CIrgPX5vdq3/idAq
                                                                                                                                                                                                                                                                        MD5:14F06EC8B7A351563865937D340EC91C
                                                                                                                                                                                                                                                                        SHA1:AE85AF607F8958536689E4D2D1266D69F7FAFA68
                                                                                                                                                                                                                                                                        SHA-256:CD9C88B16FFB21F47D97708AB737E0BFDA712B2DB509A32BEA7AA7AE8DE7098B
                                                                                                                                                                                                                                                                        SHA-512:BCD1B9BCA9C20C8B4F9144502302A611E7D4C1ED26B9C4A19E3A0A75F1F649B1CD0DE1F5FD4D90512563385AD439720DCE22C4202D80A244AE572EFDEF6C1EED
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <frmDotNetInfo Class="TCEForm" Encoding="Ascii85">
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (929), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):996
                                                                                                                                                                                                                                                                        Entropy (8bit):6.420065473502429
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:2dxxNUQ7V0EdLp1H9DTFhJMSqL3bi3LMo7CTNzErduIkjbnw:c/+QdLbHpTB5w3bUApe47bw
                                                                                                                                                                                                                                                                        MD5:C884C42A2BA59904C39D9825F0A5FFAF
                                                                                                                                                                                                                                                                        SHA1:D18E6CEEEC9D9CB6562E006EF6112C528E814D24
                                                                                                                                                                                                                                                                        SHA-256:A74C6BB9A778F806577A2528BCACD3E9CB0BD5CAAEF5D92C2B1ADF101BB9E57D
                                                                                                                                                                                                                                                                        SHA-512:23C2368BBCF228B536DBE64FFC5FEF8E0D87D3D65B7BB9CD25369D9A727C8F2B04754B4A3404F31CD14B4D0C6A2AC6492D0CBCB66CB5A0E2B056C42D39BF9F51
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <frmDotNetSearch Class="TCEForm" Encoding="Ascii85"></frmDotNetSearch>..</FormData>..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (1475), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1542
                                                                                                                                                                                                                                                                        Entropy (8bit):6.413889728128656
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:2dl+Q7dIn/BzGXaMSRuVQn3b/Go2DG0E2Gy6UylxJvaKoj+RSGrsuwdKiVrcfBkd:cwQq/BzGXkL/b2TOXNPSich4C/8/Tm
                                                                                                                                                                                                                                                                        MD5:03D4DD46084BCBE16A39D72BA22E5446
                                                                                                                                                                                                                                                                        SHA1:BA414E6BA6CD5503BABA82A7A96272D850CB9CD1
                                                                                                                                                                                                                                                                        SHA-256:4F254BBC897AD0E165986D18577E0A04FD31C93CCA542A0999FA0093EDC5BC61
                                                                                                                                                                                                                                                                        SHA-512:B37CF277443F3D4D9C8207E17EF146FABE003402750F812C27369210C79E43BAF45FB49AC2B370D2B1B1077912C9B9A9EA4AA4F7D5166B9FA1A152384902E19D
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <monoForm_1_1 Class="TCEForm" Encoding="Ascii85">
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1498
                                                                                                                                                                                                                                                                        Entropy (8bit):7.563086239733145
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:2sH8UyMTD18ODCZk7X4zJz2pAlNrpAmvnFtljgCie8pYiOZqfE9St7Bq:2sH83sok7X+gAlBVZjzi7pYi8VKc
                                                                                                                                                                                                                                                                        MD5:A9BCD80603FBCF041BC462918CA48A64
                                                                                                                                                                                                                                                                        SHA1:A7908250F042B3454D8DDCB5CB20E569839BE135
                                                                                                                                                                                                                                                                        SHA-256:3E671AC6A8E77F11B4C6547CF810BC06327E84961C7657340F5CA0F622A966D9
                                                                                                                                                                                                                                                                        SHA-512:CE82C8CAABA0329656C26EFD5F7C86A0B35A161856B975C9918FD1CD503B32B133D6F0B01DAFB92AAE132DD4C19F23C7349BF146123554700E05AA94320FC0AF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1169
                                                                                                                                                                                                                                                                        Entropy (8bit):7.406441361590178
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:RjlRKcz+Q1mlGwDxsQMod1x2W3QL9IR/RBTz:1lRK8sNDwobx2WgBIljTz
                                                                                                                                                                                                                                                                        MD5:660D8ACF876EAD3B985F9DF515160838
                                                                                                                                                                                                                                                                        SHA1:78A858326C16FA917C4A5284A606B824F025AF00
                                                                                                                                                                                                                                                                        SHA-256:4923FBF164D8DC0111E28DC1864BAC8CA2503FEE2B7A688845B4616465529EE6
                                                                                                                                                                                                                                                                        SHA-512:81BFF98BCE7CC6EE066FE8E1AB1FA957E56C62084A33D879A87CA22AFDF6D88012F1ECDF5DCF2493D816B96DD08073782F31F36DA9BCA37C53FC81CCFAB1E17A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1169
                                                                                                                                                                                                                                                                        Entropy (8bit):7.406441361590178
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:RjlRKcz+Q1mlGwDxsQMod1x2W3QL9IR/RBTz:1lRK8sNDwobx2WgBIljTz
                                                                                                                                                                                                                                                                        MD5:660D8ACF876EAD3B985F9DF515160838
                                                                                                                                                                                                                                                                        SHA1:78A858326C16FA917C4A5284A606B824F025AF00
                                                                                                                                                                                                                                                                        SHA-256:4923FBF164D8DC0111E28DC1864BAC8CA2503FEE2B7A688845B4616465529EE6
                                                                                                                                                                                                                                                                        SHA-512:81BFF98BCE7CC6EE066FE8E1AB1FA957E56C62084A33D879A87CA22AFDF6D88012F1ECDF5DCF2493D816B96DD08073782F31F36DA9BCA37C53FC81CCFAB1E17A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1498
                                                                                                                                                                                                                                                                        Entropy (8bit):7.563086239733145
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:2sH8UyMTD18ODCZk7X4zJz2pAlNrpAmvnFtljgCie8pYiOZqfE9St7Bq:2sH83sok7X+gAlBVZjzi7pYi8VKc
                                                                                                                                                                                                                                                                        MD5:A9BCD80603FBCF041BC462918CA48A64
                                                                                                                                                                                                                                                                        SHA1:A7908250F042B3454D8DDCB5CB20E569839BE135
                                                                                                                                                                                                                                                                        SHA-256:3E671AC6A8E77F11B4C6547CF810BC06327E84961C7657340F5CA0F622A966D9
                                                                                                                                                                                                                                                                        SHA-512:CE82C8CAABA0329656C26EFD5F7C86A0B35A161856B975C9918FD1CD503B32B133D6F0B01DAFB92AAE132DD4C19F23C7349BF146123554700E05AA94320FC0AF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):15160
                                                                                                                                                                                                                                                                        Entropy (8bit):4.132367012227535
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:fTJbJcJtJZJtJeJAmDF3zY0PLTuHrRthutT9AT0HqkVWAcK3wMexR9WnraIeBXjJ:LJbJcJtJZJtJeJAmDF3zY0jTuHr7huFG
                                                                                                                                                                                                                                                                        MD5:C5D67D9CB5017F96F34CB9BA0F08FDF0
                                                                                                                                                                                                                                                                        SHA1:53DCA47CF042380F8DBC3399832A559A2C7368BD
                                                                                                                                                                                                                                                                        SHA-256:42896BBE75C79C381CC90FBAE685DA24013CAAD0786F1B1A4B569620C45F3F72
                                                                                                                                                                                                                                                                        SHA-512:C2F41A7C1A25B66B9DC0A496AD87818C9C7E3F70CEB82344AD7F664764293D2F9A43E607A4A299597E44B6763B3BFC63AD8F4EB01C6BD68EAE4BB04ACF775F42
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--dotnetsearch..if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'dotnetsearch.po')..end....function spawnDotNetSearchDialog(DataSource, frmDotNetInfo, searchtype).... local currentScan --rule: only writable in mainthread.. local searchresults={}.. .. .. --spawns a searchdialog. searchtype has 3 options: 0-ClassName, 1-FieldName, 2-MethodName.. local frmSearch=createFormFromFile(getAutorunPath()..'forms'..pathsep..'DotNetSearch.frm') .. .. _G.frmSearch=frmSearch.. .. if searchtype==0 then.. frmSearch.Caption=translate('Find Class') .. frmSearch.cbLimitToCurrentBase.Caption=translate('Limit to current image').. .. frmSearch.cbLimitToCurrentBase.Enabled=frmDotNetInfo.lbImages.ItemIndex>=0 .. frmSearch.lvResults.Columns.delete(2).. elseif searchtype==1 then.. frmSearch.Caption=translate('Find Field') .. frmSearch.cbLimitToCurrentBase.Caption=translate('Limit to current class').. frmSearch.cbLimitToCurrentBase.Enabled=f
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):18412
                                                                                                                                                                                                                                                                        Entropy (8bit):5.0642202603121165
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:zGYmhPbvqKlu2uzKCM/muwu5gfMs5eQVQgQ2GO:zGkKl4zm/mhR
                                                                                                                                                                                                                                                                        MD5:E4FA493CBF4F5E932DCE648A78800616
                                                                                                                                                                                                                                                                        SHA1:B82C12B23AE06AC07AE61B0B599F055DC879C949
                                                                                                                                                                                                                                                                        SHA-256:ACFB9FDA20C347D8B7B2E513D38D2692BD054AE90B88E846460E66B986DD8D1C
                                                                                                                                                                                                                                                                        SHA-512:E0C4B9B757D4F38DBDB2C5CE11FA27EE742EDA97A20F098D38300C8DCF27015D5CFC8BFD658B6A7F48CFDECE9645DA633C32B18050598A368432F7B026826823
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'Java.po')..end....require([[autorun\javaClassEditor]])....--parser for .class files and java bytecode..--http://docs.oracle.com/javase/specs/jvms/se7/html/jvms-4.html....--constant type values..java_CONSTANT_Class=7..java_CONSTANT_Fieldref=9..java_CONSTANT_Methodref=10..java_CONSTANT_InterfaceMethodref=11..java_CONSTANT_String=8..java_CONSTANT_Integer=3..java_CONSTANT_Float=4..java_CONSTANT_Long=5..java_CONSTANT_Double=6..java_CONSTANT_NameAndType=12..java_CONSTANT_Utf8=1..java_CONSTANT_MethodHandle=15..java_CONSTANT_MethodType=16..java_CONSTANT_InvokeDynamic=18......function java_read_u4(stream).. local b={string.byte(stream.data, stream.index,stream.index+4-1)}.. stream.index=stream.index+4.... return byteTableToDword({b[4],b[3],b[2],b[1]})..end......function java_read_u2(stream).. local b={string.byte(stream.data, stream.index,stream.index+2-1)}.. stream.index=stream.index+2.... return byteTableToWord({b
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):7917
                                                                                                                                                                                                                                                                        Entropy (8bit):5.014591940837417
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:sQJpltyKlR4ZtoOQ9pttWKlR4vtGTQPpMlyFuVCQc6c0RhBmg:stKY59KYQ5JhUg
                                                                                                                                                                                                                                                                        MD5:E76FCD2ECD5B956D4579A676AA3EEA01
                                                                                                                                                                                                                                                                        SHA1:49ECBA5CCC531A40AD7805A126D38B44B4A36576
                                                                                                                                                                                                                                                                        SHA-256:0339BA0043AF5C058CF3A19DE9F90312D18F6BB2728F454EF403B531BD57AE42
                                                                                                                                                                                                                                                                        SHA-512:8443C213D4A626A358631F76A0CC4C106543CE58C94D34A96B88574B3E32AE742F28878B259A17823CA07EC521B06E32E572E7BC77E10951BC0984B07C0571C6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:local scripts={}....local function registerBigEndianInt16()..scripts['2 Byte Big Endian'].type=registerCustomTypeAutoAssembler([[..alloc(TypeName,256)..alloc(ByteSize,4)..alloc(ConvertRoutine,1024)..alloc(ConvertBackRoutine,1024)....TypeName:..db '2 Byte Big Endian',0....ByteSize:..dd 2....//The convert routine should hold a routine that converts the data to an integer (in eax)..//function declared as: stdcall int ConvertRoutine(unsigned char *input);..//Note: Keep in mind that this routine can be called by multiple threads at the same time...ConvertRoutine:..//jmp dllname.functionname..[64-bit]..//or manual:..//parameters: (64-bit)..//rcx=address of input..xor eax,eax..mov ax,[rcx] //eax now contains the bytes 'input' pointed to..xchg ah,al //convert to big endian....ret..[/64-bit]....[32-bit]..//jmp dllname.functionname..//or manual:..//parameters: (32-bit)..push ebp..mov ebp,esp..//[ebp+8]=input..//example:..mov eax,[ebp+8] //place the address that contains the bytes into eax..mov a
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):14247
                                                                                                                                                                                                                                                                        Entropy (8bit):4.757455540825877
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:p1mEfPL5ThWRM8vLdyWR1hHS+6stplX7ZbaFYBY6tnGb:VfPjylLNkKW6tE
                                                                                                                                                                                                                                                                        MD5:26C0E56ABEBFB550A9D208D6191816E0
                                                                                                                                                                                                                                                                        SHA1:8F2392846633AC48A0168AFE9F20AFC124699F4C
                                                                                                                                                                                                                                                                        SHA-256:A825F660DF2E6C13DBECE0A0F8DC306129BD784F8DC4EFC37E67E9CDD00CE65F
                                                                                                                                                                                                                                                                        SHA-512:4FC8A18E2F24374953694CB9230D9DDBA7A1B69B3BA5574AE143CB79B8D0F7CD94E9DD7337EC58EA40769A4B552A583C466781AC7EFF50C9199EAB39AD2076A9
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'CeShare.po')..end....ceshare={}....function ceshare.getInternet().. if ceshare.internet==nil then.. ceshare.internet=getInternet('ceshare').. end.. return ceshare.internet..end....local pathsep..if getOperatingSystem()==0 then.. pathsep=[[\]]..else.. pathsep=[[/]]..end....ceshare.version=-1..ceshare.path=getAutoRunPath()..'ceshare'..pathsep..ceshare.formpath=ceshare.path..pathsep..'forms'..pathsep..ceshare.imagepath=ceshare.path..pathsep..'images'..pathsep....if package.loaded.xmlSimple==nil then.. package.path=package.path..';'..getAutoRunPath()..'xml'..pathsep..'?.lua'..else.. package.loaded.xmlSimple=nil..end..ceshare.xmlParser = require("xmlSimple").newParser()......package.path=package.path..';'..ceshare.path..[[?.lua]]....function loadCEShare().. ceshare.settings=getSettings('ceshare').. ceshare.secondaryIdentifierCode=getSettings('ceshare\\secondaryIdentifierCode').... require("ceshare_account
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):136078
                                                                                                                                                                                                                                                                        Entropy (8bit):5.006188616081032
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:/t5zmxQLPqWuiXL9eqiK8uthP/xoiEFLWiP8bTg1b3lDWIkGkxv0C2r0EcD+JZSh:O5n6MJCAi7hXZS8YHo6FG7236nDZ
                                                                                                                                                                                                                                                                        MD5:76168CA68F3ED8ADE110B140244EFBAF
                                                                                                                                                                                                                                                                        SHA1:2AF08403D17A64B10429C8FCE68AA085A6B287B7
                                                                                                                                                                                                                                                                        SHA-256:5832B5AB00E84690AC1E780E8B1C4ABD9649465234C9FFA2CECB410BE66A6B8A
                                                                                                                                                                                                                                                                        SHA-512:80AD21D631934D2B8E368A5B2D3CB5F1889D4A65099C2D8CD8BA37EB721C1EBDC2C6549FC530514BF9F96976FFCBFD372150F1F16A6591DA013FE4F1D1BB070B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'monoscript.po')..end....local thread_checkifmonoanyhow=nil..local StructureElementCallbackID=nil..local pathsep..local libfolder....if getOperatingSystem()==0 then.. pathsep=[[\]].. libfolder='dlls'..else.. pathsep='/'.. libfolder='dylibs'..end....local dpiscale=getScreenDPI()/96....--[[local]] monocache={}....mono_timeout=3000 --change to 0 to never timeout (meaning: 0 will freeze your face off if it breaks on a breakpoint, just saying ...)....MONO_DATACOLLECTORVERSION=20221207....MONOCMD_INITMONO=0..MONOCMD_OBJECT_GETCLASS=1..MONOCMD_ENUMDOMAINS=2..MONOCMD_SETCURRENTDOMAIN=3..MONOCMD_ENUMASSEMBLIES=4..MONOCMD_GETIMAGEFROMASSEMBLY=5..MONOCMD_GETIMAGENAME=6..MONOCMD_ENUMCLASSESINIMAGE=7..MONOCMD_ENUMFIELDSINCLASS=8..MONOCMD_ENUMMETHODSINCLASS=9..MONOCMD_COMPILEMETHOD=10..MONOCMD_GETMETHODHEADER=11..MONOCMD_GETMETHODHEADER_CODE=12..MONOCMD_LOOKUPRVA=13..MONOCMD_GETJITINFO=14..MONOCMD_FINDCLASS=15..MONOCMD_FIND
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (301), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):57578
                                                                                                                                                                                                                                                                        Entropy (8bit):4.965043624755705
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:SDN7O8gQVISPW3R89Mvybxj/kTdg4YXj2P:SDN7OiPW3W9MvybxjM/dP
                                                                                                                                                                                                                                                                        MD5:49C105DC0F4E732802284180722747C2
                                                                                                                                                                                                                                                                        SHA1:CDC575490B51A252202BB5E37F0536870DD3CCA0
                                                                                                                                                                                                                                                                        SHA-256:43DAE8CFAA2C16B3D94C748DE250BBA2E16E9789C8B2F3395CB6ED4F79E624C6
                                                                                                                                                                                                                                                                        SHA-512:B3A582E1FB4BAF003F40262C888ADF84041874E729A97D8CFAED581C84B7B3F5823DAFA4249607D4E79B62AA30BC207632ECA9522A0866EDF1C57CFC8296EFE7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'pseudocodediagram.po')..end......--[[pseudocodediagram.lua]]--....local DPIAdjust=getScreenDPI()/96....--Global..diagramstyle = {}..diagramstyle.instruction_registerstyle = '[31;1m' --red + bold..diagramstyle.instruction_hexstyle = '[34;1m' --blue + bold..diagramstyle.instruction_symbolstyle = '[32;1m' --green + bold..diagramstyle.instruction_opcodestyle = '[1m' --bold..diagramstyle.link_defaultcolor = 0x00FF00FF --fuchsia..diagramstyle.link_nottakencolor = 0x000000FF --red..diagramstyle.link_takencolor = 0x00FF0000 --blue..diagramstyle.link_linethickness = 3*DPIAdjust..diagramstyle.link_arrowsize = math.ceil(5*DPIAdjust)..diagramstyle.link_pointdepth = 20*DPIAdjust --distance between links..diagramstyle.block_headershowsymbol = true..diagramstyle.block_bodyshowaddresses = fal
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:Algol 68 source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):8862
                                                                                                                                                                                                                                                                        Entropy (8bit):4.974583347443069
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:b4QnfODIk5ktS+Xp7SjCjL6jSCXNB3mtS+jwKtwTZX:bwDIAoL6jfMbtwX
                                                                                                                                                                                                                                                                        MD5:18D66678D7078C907FDDB5CC4E16E94E
                                                                                                                                                                                                                                                                        SHA1:681DC425C522D1A87588E224980F539DE791F2C2
                                                                                                                                                                                                                                                                        SHA-256:D99600BD2A0E754423499C963953FBF16B5FF9CECADC44F1332733F08F3D3F6E
                                                                                                                                                                                                                                                                        SHA-512:D22C18C47D93C12ED60BF704C590AF3FE7D7D0BCC49B77939F18424F2D15241C084F7288AC1695F22EA97DE1C6605351DAAF98FB86A6D4269ADAE2C78642BA10
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'SaveSessions.po')..end......if cheatEngineIs64Bit() then.. if string.find(package.cpath, 'clibs64')==nil then.. package.cpath=package.cpath..[[;.\clibs64\?.dll]].. end..else.. if string.find(package.cpath, 'clibs32')==nil then.. package.cpath=package.cpath..[[;.\clibs32\?.dll]].. end..end....require("lfs")....function loadMemoryScan_internal(filename).. --print("loadMemoryScan").. .. --the thread is used to bypasses a bug in 6.3.....local ms=getCurrentMemscan()...local mf=getMainForm()...........local input,err=createFileStream(filename,fmOpenRead or fmShareDenyNone).. if input==nil then.. MessageDialog(err, mtError,mbOK).. return.. end.....local scanvalue=input.readAnsiString().. local originalFromAddress=input.readAnsiString() .. local originalToAddress=input.readAnsiString() ...local scantype=input.readByte()...local vartype=input.readByte().. .....local savedscancount=input.readByte(
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):8088
                                                                                                                                                                                                                                                                        Entropy (8bit):5.172167677485522
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:zuiTTPEYya1gq5jfFEYQhRIA03xB97cq1fvhEN:ztTzyapKRiG
                                                                                                                                                                                                                                                                        MD5:B5AE011C70C1D26CC31A5D818D60E53C
                                                                                                                                                                                                                                                                        SHA1:7BE6AD86FCC9208D6F21B9F1D464B6334E64922B
                                                                                                                                                                                                                                                                        SHA-256:31ED4209776DBFAD74EC811326439D26C02B6AB653056D5E171D952C12D3F25B
                                                                                                                                                                                                                                                                        SHA-512:440B1AFC72D671D8AA663B6672371AC365029525EE055CF380A9C9C84625FD5FA2B328110633A183F87CECF8D1D2CACB62E49A7EB382B30AAA75DA5B3D2F3054
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--[[..You have a d:\bla.dll with namespace ClassLibraryX, with a class named "MyClass"..That class contains a function defined as:..public static int MyInitFunctionName(string parameters)....then you do: injectDotNetDLL('d:\\bla.dll','ClassLibraryX.MyClass','MyInitFunctionName','Something')....--]]....local DotNetCoreInjectScript=[[..[enable]..alloc(injectdotnetdll, 2048)..alloc(IID_ICLRRuntimeHost4,16)..alloc(RuntimeHost,8)....alloc(paramstr,256)..alloc(methodname,256)..alloc(classname,256)..alloc(dllpath,512)....alloc(returnvalue,4)..alloc(errorvalue,4)..label(error)....dllpath:..dw '%s',0....classname:..dw '%s',0....methodname:..dw '%s',0....paramstr:..dw '%s',0......IID_ICLRRuntimeHost4:..db 66 d3 f6 64 c2 d7 1f 4f b4 b2 e8 16 0c ac 43 af....injectdotnetdll:..[64-bit]..sub rsp,6*8+8..mov rcx,IID_ICLRRuntimeHost4..mov rdx,RuntimeHost..[/64-bit]....[32-bit]..push RuntimeHost..push IID_ICLRRuntimeHost4..[/32-bit]....call GetCLRRuntimeHost..cmp eax,0..jne error....[64-bit]..mov rcx,[Ru
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2018
                                                                                                                                                                                                                                                                        Entropy (8bit):4.845505891620365
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:8LRZCSs+dJPHoSLI0zAXFqfzhPR3sAuH7vMTCRTnoH7ADR09ZWgsAU1HTfHU1EP:IRZ7umKgl5s2+cZPs81u
                                                                                                                                                                                                                                                                        MD5:3E20F1013FB48A67FE59BEDE7B8E341B
                                                                                                                                                                                                                                                                        SHA1:8C8A4CB49C3B29DB2C47F84AAFD0416101722BFE
                                                                                                                                                                                                                                                                        SHA-256:96E4429192F9AB26F8BF9F9429F36B388AA69C3624781C61EA6DF7E1BCA9B49B
                                                                                                                                                                                                                                                                        SHA-512:99CF3F88C8B06DA0DBE8085DEE796BEC7A9533990A55FBCE7524A4F941B5ECF0E8EC975A4B032EB2AAABD116C0804995A75036C98A5E4058F25D78D08A11F3F2
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:local pm=AddressList.PopupMenu..local pmAddToNewGroup=createMenuItem(pm)..pmAddToNewGroup.Caption=translate('Add to new group')..pmAddToNewGroup.ImageIndex=MainForm.CreateGroup.ImageIndex..pm.Items.insert(MainForm.CreateGroup.MenuIndex, pmAddToNewGroup)....local oldOnPopup=AddressList.PopupMenu.OnPopup..AddressList.PopupMenu.OnPopup=function(s).. if oldOnPopup then.. oldOnPopup(s).. end.. pmAddToNewGroup.Visible=AddressList.SelCount>=1..end....pmAddToNewGroup.OnClick=function(s).. local i.. local count=0.. local selcount=0.. local withAddress=false.. local hasAddressSupport=false.... if AddressList.SelCount==0 then.. messageDialog('Please select at least one entry first', mtError, mbOK).. return.. end.... hasAddressSupport=AddressList[0].IsAddressGroupHeader~=nil.... for i=0,AddressList.Count-1 do.. if AddressList[i].IsGroupHeader then.. count=count+1.. end.. end...... local groupname=translate(string.format('Group %d',count+1)).. if (isKeyPressed(VK_
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):20837
                                                                                                                                                                                                                                                                        Entropy (8bit):4.996731854830045
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:Rmi4uQRgQgAgm2+CXgSKgKghmg60gGg4tgKplg/Dhrf+1e5l7jTRgzKgIgmoJMQZ:y3KQBHvSo9a452TZ0YgkP
                                                                                                                                                                                                                                                                        MD5:04CDE30D6AA9999A846B5FC3CFC1F56C
                                                                                                                                                                                                                                                                        SHA1:2187AB73161EE8A516D25F8295BB4C7E3DA2F7E3
                                                                                                                                                                                                                                                                        SHA-256:EAE2A91808BB58B386F3BDDE75176C7208C22BF5515C5D6E467C583DF2E72E15
                                                                                                                                                                                                                                                                        SHA-512:FB2F27F3981E587DDD379D54999067092DC2FBE2F243E4A49B2F9D4DA172907D169BC708AA0840631C951FB01CCB9E69A403EB2E19A5F1AFF1BE3FF0EEC27C62
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview: ..--same as monodatacollector but for .net and .netcore..--can theoretically be used on mono as well....if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'dotnetforceddatacollector.po')..end......local pathsep..local libfolder....if getOperatingSystem()==0 then.. pathsep=[[\]].. libfolder='dlls'..else.. pathsep='/'.. libfolder='dylibs'..end....dotnet_timeout=3000....DOTNETCMD_TEST=0..DOTNETCMD_INITMODULELIST=1..DOTNETCMD_GETMETHODENTRYPOINT=2..DOTNETCMD_GETFIELDTYPENAME=3..DOTNETCMD_GETFIELDVALUE=4..DOTNETCMD_SETFIELDVALUE=5..DOTNETCMD_LOADMODULE=6..DOTNETCMD_GETMETHODPARAMETERS=7..DOTNETCMD_WRAPOBJECT=8..DOTNETCMD_UNWRAPOBJECT=9..DOTNETCMD_INVOKEMETHOD=10....DOTNETCMD_FIND_MODULEID_WITH_CLASSLIST=11......DOTNETCMD_EXIT=255......dotnetmodulelist={}....function dotnet_findDotNetMethodAddress(namespace, classname, methodname, modulename).. --print(string.format("dotnet_findDotNetMethodAddress('%s','%s','%s','%s')",namespace,classname, methodname, modulenam
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):17557
                                                                                                                                                                                                                                                                        Entropy (8bit):4.7553596901580395
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:02/2WiurcwWJsFH1bukLWmHwt/5B9ndDiC4fVAslnlKQ8gLIeHkSD//TVxVkB8CZ:HtWIBugO8ieHkSDnTVTnC8i+lLQC/6
                                                                                                                                                                                                                                                                        MD5:F2896031568F43A7E4A7529A16F4EA12
                                                                                                                                                                                                                                                                        SHA1:A24B17AEC47FB290EE29BFC01C7386B85827D14E
                                                                                                                                                                                                                                                                        SHA-256:0714BD0F908345D7588A09C856746D76861CE4EB3571692BABC1BCE2D35A57AA
                                                                                                                                                                                                                                                                        SHA-512:B4F9EBB1E8375045269FF11FE2B6AEC3C31E64AB89CDDBFF1D26451DB3426AE841E28D184539959F84248CF101854F47E8F3497BA8414460ABCAC3C0D66248B3
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:local DPIMultiplier=(getScreenDPI()/96)....if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'patchscan.po')..end....local IMAGE_SCN_CNT_CODE=0x20..local IMAGE_SCN_MEM_EXECUTE=0x20000000....function byteTableToHexString(bt).. local i.. local r=''.... if bt then.. for i=1,#bt do.. r=r..string.format("%.2x ",bt[i]).. end.. end.. return r..end......function scanModuleForPatches(modulepath, loadedModuleBase, thread).... local original=createMemoryStream().. local r,e=original.loadFromFileNoError(modulepath).. if not r then.. original.destroy().. return false,e.. end.. original.Position=0...... if (byteTableToString(original.read(2))~='MZ') then.. original.destroy().. return nil,translate('Not a valid executable').. end.... original.Position=60;.. local lfanew=original.readDword();.. original.Position=lfanew;.... if (byteTableToString(original.read(2))~='PE') then.. original.destroy().. return nil,translate('Not a valid win
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2095
                                                                                                                                                                                                                                                                        Entropy (8bit):4.920154640424097
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:gzax3OK42b8w6aBxVpKDRKLYChKr+deaUAyA16AhXaAe76:gzax+KIPazVpKDRaNhKr+dlUDy6GXapW
                                                                                                                                                                                                                                                                        MD5:CA347DEF8A682D2ADF951C4ECBABD948
                                                                                                                                                                                                                                                                        SHA1:C65BBC8A5106E9ACE9DDC450EC3A5F637704FA62
                                                                                                                                                                                                                                                                        SHA-256:1F11078B143B92612822F3DFC09D93778471198F203694C8FC911E249FBBC557
                                                                                                                                                                                                                                                                        SHA-512:9F7A08822D9357AF72A27707C17FC0D3EC03E72333D88E2BA8E2BE95EAB7BA9C1B33EA3E2E20D734C382F4732F77443D3AA9C189667A74195987F5DB486E2651
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:local c=createComboBox(MainForm.gbScanOptions)....c.Style='csDropDownList'..c.Items.add('All')..c.ItemIndex=0..c.Name='ScanOptionsModuleList' ......c.Align=alTop..c.BorderSpacing.Left=6..c.BorderSpacing.Right=6..c.BorderSpacing.Bottom=2....local modulelist....function FillList().. local is64bit=targetIs64Bit().. local op.. if is64bit then.. op='32'.. else.. op='64'.. end.. synchronize(function() .. while c.Items.Count>1 do.. c.Items.delete(1).. end.. end).... modulelist=enumModules().. .. synchronize(function().. if modulelist then.. local i.. for i=1, #modulelist do.. modulelist[i].OriginalName=modulelist[i].Name.. if modulelist[i].Is64Bit ~= is64bit then.. modulelist[i].OriginalName='_'..modulelist[i].OriginalName.. modulelist[i].Name=modulelist[i].Name..' ('..op..'-bit)'.. end.... c.Items.Add(modulelist[i].Name).. end.. end.. end)..end....c.OnMouseEnter=function(d) .. if c.Items.Count<
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):7354
                                                                                                                                                                                                                                                                        Entropy (8bit):4.798336095796441
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:K9yd/VQilJ6HLwxxKF9Znu8KX+qNdYSnatJoqVSQPFLqJ4:K0VPlJMgNdYSnatmqVSQPFLc4
                                                                                                                                                                                                                                                                        MD5:2BE703BF1FF1EA4DD6D1EFF673367E48
                                                                                                                                                                                                                                                                        SHA1:13C122CFD7EB38D298FA91F3D6021F025578B508
                                                                                                                                                                                                                                                                        SHA-256:6704BEF60F60F85E76AA19B96A43ACA74C4AA8905B4033A20C24B75171B33D0A
                                                                                                                                                                                                                                                                        SHA-512:E1FC1C55574F5FECEF535734A23DB9738D4C5762E085DEA721F9CD7F5F9F364DD1428F669F26149F1E49414F38A4C00BC7FD4F5E1A5C03A0E53B24C859B25C5E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:local function genericJumpHandler(state, alwaystaken).. local origin=state.address.. local addressString=string.gsub(state.ldd.parameters,"qword ptr ","").. local addressString=string.gsub(addressString,"dword ptr ","").. local destination=getAddressSafe(addressString) --find out the destination.. local destination2.... if destination==nil then.. --in case of registers.. return.. end.... if not alwaystaken then.. destination2=origin+state.parsed[origin].bytesize.. end;...... state.branchOrigins[origin]={}.. state.branchOrigins[origin].destinationtaken=destination.. state.branchOrigins[origin].destinationnottaken=destination2.... if state.branchDestinations[destination]==nil then --list of destinations and their origin(s).. state.branchDestinations[destination]={}.. end.... table.insert(state.branchDestinations[destination], origin).... if not alwaystaken then.. if state.branchDestinations[destination2]==nil then --list of destinations and their origin(s).
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):7984
                                                                                                                                                                                                                                                                        Entropy (8bit):4.628436564346363
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:hG6G275/GPinZJGJBo2HXwymhmBEO/66dogk:fG4/vnZJGJv3qABPm
                                                                                                                                                                                                                                                                        MD5:6BFAA8047A8912C979D8B7ADC21BEFC4
                                                                                                                                                                                                                                                                        SHA1:9DEB3F151A70B1DE2AF921E2C4A05A9AFBFE88DA
                                                                                                                                                                                                                                                                        SHA-256:7EFC51C61CEC0EF4330C63E8848AD17BF707CC7067F8F5E195AE69D373BF4D24
                                                                                                                                                                                                                                                                        SHA-512:BEC70863FE63321EC815164A84FC82F7F03139E668AC165E218B033C2E79150B405AE553CBD8543F3AEDC839DB35FC74C14348E080598FB7BC25FB7908386A0E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--patches a dotnet method. Prerequisite: Must not be inlined or generic, or anything complex....function ParseScriptTokens(script,values).. --parses the script for <> entries and looks up the value in the values table.. if script==nil then .. print(debug.traceback()).. error('ParseScriptTokens: script is nil') .. end.. if values==nil then .. print(debug.traceback()).. error('ParseScriptTokens: values is nil') .. end.. .. return string.gsub(script,"<(.-)>",function(v) .. local r=values[v].. if r then return r else return x end.. end)..end....function dotnetpatch_getAllReferences().. --gets a list of all assemblies.. --todo: if they are in-memory only, export them to a file first (create the mz/pe manually, just the metadata).. local r={}.. local sysfile.... if monopipe then.. mono_enumImages(function(img).. local n=mono_image_get_filename(img).. local ln=extractFileName(n:lower()).. if ln~='mscorlib.dll' and ln~='netstandard.dll' then..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):5446
                                                                                                                                                                                                                                                                        Entropy (8bit):5.106344058039722
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:UFbOaNZRB+TqamMsKs5EcDE0F39dLC/B9gn0TUTXM2sit8vD/Jae8:gaTqamQcN9dLq9QDM2fG7o
                                                                                                                                                                                                                                                                        MD5:4FF5CD5283B83CF4614D14E4363ED8F2
                                                                                                                                                                                                                                                                        SHA1:A435BF58C9E58211CADA8EA1AF2891EA488E4DD2
                                                                                                                                                                                                                                                                        SHA-256:45AD5D854DEE4CA07F60B5BA89CF328DD7B216A0EF3232A2647D15BE38C6C4C0
                                                                                                                                                                                                                                                                        SHA-512:8208B64CD2FFA356DCAC8463188325B1AF88C0598F231EA0E36E74DEC64E0C50740FC3DB26790BF39FA30C0D457B910A7F9EEC8E2049C04F48C793B58452A7A3
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--mp3 sound extension....if oldcreateMemoryStream==nil then oldcreateMemoryStream = createMemoryStream end..function createMemoryStream().. local obj = oldcreateMemoryStream().. local oldwrite=obj.write.... obj.write = function (t,n) -- override default write.. local count=0.. for _,v in ipairs(t) do.. if count==n then break end.. oldwrite({v},1).. count=count+1.. end.. end.... obj.writeDword = function (v) obj.write(dwordToByteTable(v)) end.. obj.writeWord = function (v) obj.write(wordToByteTable(v)) end.... return obj..end......--convertMP3ToRIFFMP3(stream)..function convertMP3ToRIFFMP3(stream).. local riffmp3 = createMemoryStream().... local header = {.. 0x46464952,0x00000000,0x45564157,0x20746D66,0x0000001E,0x00020055,.. 0x0000AC44,0x00000000,0x00000001,0x0001000C,0x00000002,0x00010001,.. 0x61660571,0x00047463,0x2FF80000,0x61640014.. } -- default is 44100Hz , Stereo.... loca
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):285
                                                                                                                                                                                                                                                                        Entropy (8bit):5.052893474705733
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:jFwErIVt0OdI+eGvJYazVId2EA3ivun0gVVjec0Lg0zVCAMBNXnGCWMdO:5myTjOId2p3ivIVje5tVDMBRnGV5
                                                                                                                                                                                                                                                                        MD5:9BA24A4B8CB68B40D229109565572F78
                                                                                                                                                                                                                                                                        SHA1:F2DABC40C3761FD9196291AB42943D580062CD11
                                                                                                                                                                                                                                                                        SHA-256:8B5608DAEDB4370990B65579EE8D1D5623644FD9C0BBE007211D5837DC690C72
                                                                                                                                                                                                                                                                        SHA-512:BEFA54FD6A87BAF24030B6E292E0D8E674FBD69B3424184582EB38D8AF2C8459E7728BC6F03032735A6A1B6C5FE459ECDB1C862BDBD390DC695F4085ABC3918A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--Alice says hi!....local t=createTimer()..t.Interval=110000..t.OnTimer=function().. local f=getForm(0).. f.Width=f.Width+2.. f.Height=f.Height+2.... if t.Interval>10000 then.. t.Interval=t.Interval-10000.. end.... createMemoryStream().Size=math.random(65536*4,65536*32);..end
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9243
                                                                                                                                                                                                                                                                        Entropy (8bit):4.766574177681985
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:C64/8dXYKgLNhpwHmFUazyI+Q4Om1q/Qt:t4nHUKUa0Out
                                                                                                                                                                                                                                                                        MD5:40D6BFE593194CF938E19622A3C13A5E
                                                                                                                                                                                                                                                                        SHA1:761257E8EF492431CF0E04DBCA396FABB25FE1AE
                                                                                                                                                                                                                                                                        SHA-256:C4CEF60489B067C8E7ABCDD5594643A27D0720B21523753DD462D53024287116
                                                                                                                                                                                                                                                                        SHA-512:1D1AAA9DE74B0BB08CC4CECED5DBFA4C589347EAC098D7AE013D5A1BEAAE0EEACA4D314E2591560C6DF14A93DD4E9316CA317D21EFADCCA57D11EEE72F4C6E16
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'autosave.po')..end....require("lfs")....autosave={} --todo make local....local AutoSaveSettings=getSettings('Auto Save')..local AutoSaveVersion=1....autosave.getPath=function().. local path=AutoSaveSettings['SavePath'].. if (path==nil) or (path=='') then.. .. path=os.getenv("LOCALAPPDATA").. if (path==nil) or (path=='') then.. path=getCheatEngineDir() --last attempt .. end.. end.. .. if string.sub(path,#path)~='\\' then.. path=path..'\\'.. end.. .. return path..end....function autosave.saveState().... .. local pid=AutoSaveSettings['ProcessID'].. if pid and pid~='' then.. pid=tonumber(pid).. if pid~=getCheatEngineProcessID() then.. --another CE has done an autosave.. if getProcessList()[pid]==nil then.. --it doesn't exist anymore... messageDialog(translate('Another instance of Cheat Engine has crashed and it created an autosave. Autosave disabled until y
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):7574
                                                                                                                                                                                                                                                                        Entropy (8bit):4.744280698083541
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:J+/R0h8p0wyUYCCTLysSUDfH0HwjOtHdqFB2i6uMPV:LWBUDU9Er4V
                                                                                                                                                                                                                                                                        MD5:D609EA53AD996E63300E703ED98EAB08
                                                                                                                                                                                                                                                                        SHA1:8E19906C32BEE40E9A24CB82AB57D109AE11E038
                                                                                                                                                                                                                                                                        SHA-256:E0C48C9033C52F77AD7B1DF44E2BB81C2FEF868CE08D46054723BC8441F0C742
                                                                                                                                                                                                                                                                        SHA-512:CC85857D449F507477A12CB7D5BE31288BAECB3B41BD760EBF1BAD289771CC7EAAF608B74E421EDA948D0B45E02A6FC188474C0E926EAE20510C77D2AF8890A6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--version check update script for cheat engine..--Don't like it? Just delete this file. Easy as that....--For the translators:..if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'VersionCheck.po')..end....local vsettings=getSettings("VersionCheck")....local VersionCheckThread....function CheckVersion(automatic).. --create a thread that will get the latest version and buildnumber.. if versionCheckThread==nil then.. versionCheckThread=createThread(function(t).. local i=getInternet('CEVersionCheck').. local r=i.getURL('https://cheatengine.org/latestversion.txt').... if r then.. local sl=createStringlist().. local newerVersion=false.. local latestVersionCompleteBuildNumber.. local latestVersionNumber.. local latestVersionString --separate for crap like 6.5.1 (can't show 6.51 to the user).. sl.Text=r.... if sl.Count<3 then.. t.synchronize(function().. if au
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (312), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):64056
                                                                                                                                                                                                                                                                        Entropy (8bit):5.143902164750308
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:/ilZhlpsM/bJ+CGLM0oJyevomQ385GxwuyC+N/0nNjoHhjCL:/ilZhlpsM6M0oJyUomQMUyC+N/0ZoCL
                                                                                                                                                                                                                                                                        MD5:54151E1842473981D08C4B1B69CEB46C
                                                                                                                                                                                                                                                                        SHA1:26CCFFD2AD4DE7FEA9CA7B11FBFBCF5CA3E9EA00
                                                                                                                                                                                                                                                                        SHA-256:B318D2AC5CF96BA8A0A36EDDBB62B250004D44F214BB10C0E82E4F2DDBDA95D9
                                                                                                                                                                                                                                                                        SHA-512:F9B76F51F089807610052D1DA2F147975EA3A2FF00C70FC373087A9CE55E24337F52174F062D5EC262FF9227F98CB32E09753B4E5A68FB443D8EB27890607B73
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'Java.po')..end....--todo: split up into multiple units and use the java table for the methods as well......JAVACMD_STARTCODECALLBACKS=0..JAVACMD_STOPCODECALLBACKS=1..JAVACMD_GETLOADEDCLASSES=2..JAVACMD_DEREFERENCELOCALOBJECT=3..JAVACMD_GETCLASSMETHODS=4..JAVACMD_GETCLASSFIELDS=5..JAVACMD_GETIMPLEMENTEDINTERFACES=6..JAVAVMD_FINDREFERENCESTOOBJECT=7..JAVACMD_FINDJOBJECT=8..JAVACMD_GETCLASSSIGNATURE=9 --=getClassName..JAVACMD_GETSUPERCLASS=10..JAVACMD_GETOBJECTCLASS=11..JAVACMD_GETCLASSDATA=12..JAVACMD_REDEFINECLASS=13..JAVACMD_FINDCLASS=14..JAVACMD_GETCAPABILITIES=15..JAVACMD_GETMETHODNAME=16 --gets the methodname and the signature..JAVACMD_INVOKEMETHOD=17..JAVACMD_FINDCLASSOBJECTS=18 --find objects that belong to the given class..JAVACMD_ADDTOBOOTSTRAPCLASSLOADERPATH=19..JAVACMD_ADDTOSYSTEMCLASSLOADERPATH=20..JAVACMD_PUSHLOCALFRAME=21..JAVACMD_POPLOCALFRAME=22..JAVACMD_GETFIELDDECLARINGCLASS=23..JAVACMD_GETFIELDS
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (338), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):84022
                                                                                                                                                                                                                                                                        Entropy (8bit):4.86677649912196
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:yui2L/B3vpXErHBRpUPrEUvh8VRzXzycAcnNSoaam0WEj:yurB6rhRpUPr9vszjycAcYoaam0WEj
                                                                                                                                                                                                                                                                        MD5:F30091A31003345EAE2A915D1EE13E9D
                                                                                                                                                                                                                                                                        SHA1:B42C1B7DA7E620A89A68274C7551D7BB3806441C
                                                                                                                                                                                                                                                                        SHA-256:CC505DA9EA622E39783D6AC0A98370E1B58EBA6702B9A1796FDC869AEEBBA261
                                                                                                                                                                                                                                                                        SHA-512:A9A801F42BF9A1ED54CBC2DC7AC397E6695EB685D4F03313059B08DB23ED9055727168B9AFFEE94416A584F703B9B97D515B6BC02FEF99F8EF6FB4B372AEE65E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--dotnetinfo is a passive .net query tool, but it can go to a active state if needed....if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'dotnetinfo.po')..end....if getOperatingSystem()==0 then.. pathsep=[[\]]..else.. pathsep='/'..end....debugInstanceLookup=false....local DPIMultiplier=(getScreenDPI()/96)..local CONTROL_MONO=0..local CONTROL_DOTNET=1....DataSource={} --All collected data about the current process. From domains, to images, to classes, to fields and methods. Saves on queries and multiple windows can use it..local CurrentProcess....local ELEMENT_TYPE_END = 0x00 -- End of List..local ELEMENT_TYPE_VOID = 0x01..local ELEMENT_TYPE_BOOLEAN = 0x02..local ELEMENT_TYPE_CHAR = 0x03..local ELEMENT_TYPE_I1 = 0x04..local ELEMENT_TYPE_U1 = 0x05..local ELEMENT_TYPE_I2 = 0x06..local ELEMENT_TYPE_U2 = 0x07..local ELEMENT_TYPE_I4 = 0x08..local ELEMENT_TYPE_U4 = 0x09..local ELEMENT_TYPE_I8
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (332), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):53565
                                                                                                                                                                                                                                                                        Entropy (8bit):4.994608075433237
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:kR7JxiEJ1FwKp/UnSkXZh/GZPbZ1/GZU29s4dwHvuhWaPg5jys9:Oiqp/UnSkXZh/GZPbZ1/GZUWm9
                                                                                                                                                                                                                                                                        MD5:96A64006F752ECD75FAED81F86212F93
                                                                                                                                                                                                                                                                        SHA1:1889EBB9C206866A7096F6ECD5B7CEC628DCDCBE
                                                                                                                                                                                                                                                                        SHA-256:4F0E7249A20147FB1E364B5B182D990E6D00BF6A2624EDAA368B65142DD08408
                                                                                                                                                                                                                                                                        SHA-512:01F01661B7C8DDDC2940FB8A6E3384C5BEBD1560703E510E7EC029A294AA0A49486B6948851D99C01594CBDDF75295D2F38AB4C1E7760AFA3E40B15151B0FB2B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'Java.po')..end....--Java class editor......--[[..This will show an userinterface for editing java classes and will return a list of "patch" commands..that can be used with the runtime java class edit commands....e.g:..DefineLabel(spot)..InsertBytecode(spot, command)..ModifyBytecode(spot, command)..DeleteBytecode(spot) (could be ModifyBytecode(spot,"nop") )......The user should not have to know about exceptions and how their positions change with each insert/delete....gui:..listview:..index|byteindex|label |exception|instruction|..-----|---------|------|---------|-----------|..0 |0 | | |nop | Insert..0 |1 |l1: |ex1: |branch l1 | Delete.. Modify....--]]....--http://docs.oracle.com/javase/specs/jvms/se7/html/jvms-6.html......java_bytecodes={}....--[[..paramtypes:.. s1=signed 1 byte.. s2=signed 2 byte.. s4=signed 4 b
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):7632
                                                                                                                                                                                                                                                                        Entropy (8bit):4.883983761190223
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:peDFQNTce2Qt5q/sn2Wdk7RlxJKTiZjYsfUv:p3ue2F7RlxJfYP
                                                                                                                                                                                                                                                                        MD5:459B793E0DC43A993F03D8B612F67CEC
                                                                                                                                                                                                                                                                        SHA1:F14AE9AFBE97AF534A11BF98AC1CC096269F1474
                                                                                                                                                                                                                                                                        SHA-256:E2CBB4C2F46305BB07D84222231012FD4C800FE8E1B43E0AA1AF9B6C5D111F7F
                                                                                                                                                                                                                                                                        SHA-512:1740068E3419D153ECBD9D1A6AADA20AABE71915E7422DCE1A83E616E8D2A1084922A81741591A682531E1F8146E437D8688521C7707A4909E5721768A3F956E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--Copyright Cheat Engine......local function getOriginalCodeAndFiller(address).. local original,filler.... if type(address)~='number' then.. address=getAddressSafe(address).. end.... if address==nil then.. return nil, 'invalid address'.. end.... local sl=createStringList().. local d=createDisassembler().. local size=0.. while size<5 do.. d.disassemble(address).. local ldd=d.LastDisassembleData.. local inst=ldd.opcode..' '..ldd.parameters.. sl.add(inst).. size=size+#ldd.bytes.. address=address+#ldd.bytes.. end.... original=sl.Text.. if size-5>0 then.. filler=string.format("nop %x", size-5).. else.. filler=''.. end.... sl.destroy().. d.destroy().. return original,filler..end......local function hookSpeedFunctions().. if speedhack and speedhack.processid==getOpenedProcessID() then .. return true.. end.... local result, data=autoAssemble([[.. alloc(speedhack_wantedspeed,4).. registersymbol(speedhack_wantedspeed).. speedhack_w
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):629
                                                                                                                                                                                                                                                                        Entropy (8bit):4.667259230622991
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:03Iw9kSSIEPchubhxoyPJ4y/oJf3DftSg0n/iyHfHHEo44JsITT+wF:03IwRCfPJ1/wKrHfHh4AsATvF
                                                                                                                                                                                                                                                                        MD5:DF4D243AB0407A1F03CCF448232FCF62
                                                                                                                                                                                                                                                                        SHA1:62453CFA7ABF6FA83158BE1BA86C854D9A6B7D4B
                                                                                                                                                                                                                                                                        SHA-256:C5A35380AF8BEBE96B85377F5F41F8C068CB857C74B9CB85B7467B35C1DE10C4
                                                                                                                                                                                                                                                                        SHA-512:4B05B65909673E92F59AB64C1FF4E0B829F5C9085EAFA1FFF28CB0CCD7E6A7F6EF031633F443E0BA156A4B8F5009F526D0356F39EF77B22706F98F100B1909C2
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:luasymbols=registerSymbolLookupCallback(function(str).. if str then.. local firstchar=str:sub(1,1).. .. if (firstchar=='\'') or (firstchar=='\"') then.. return nil.. end.. .. local c='return '..str.. local lc=loadstring(c).. if lc then.. local isvalid,result=pcall(lc).. if isvalid then.. return result.. else.. return nil.. end.. end.. end..end, slNotSymbol) ....registerEXETrainerFeature('Lua Symbols', function().. local r={}.. r[1]={}.. r[1].PathToFile=getCheatEngineDir()..[[autorun\luasymbols.lua]].. r[1].RelativePath=[[autorun\]].. .. return r..end)
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (312), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):64056
                                                                                                                                                                                                                                                                        Entropy (8bit):5.143902164750308
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:/ilZhlpsM/bJ+CGLM0oJyevomQ385GxwuyC+N/0nNjoHhjCL:/ilZhlpsM6M0oJyUomQMUyC+N/0ZoCL
                                                                                                                                                                                                                                                                        MD5:54151E1842473981D08C4B1B69CEB46C
                                                                                                                                                                                                                                                                        SHA1:26CCFFD2AD4DE7FEA9CA7B11FBFBCF5CA3E9EA00
                                                                                                                                                                                                                                                                        SHA-256:B318D2AC5CF96BA8A0A36EDDBB62B250004D44F214BB10C0E82E4F2DDBDA95D9
                                                                                                                                                                                                                                                                        SHA-512:F9B76F51F089807610052D1DA2F147975EA3A2FF00C70FC373087A9CE55E24337F52174F062D5EC262FF9227F98CB32E09753B4E5A68FB443D8EB27890607B73
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'Java.po')..end....--todo: split up into multiple units and use the java table for the methods as well......JAVACMD_STARTCODECALLBACKS=0..JAVACMD_STOPCODECALLBACKS=1..JAVACMD_GETLOADEDCLASSES=2..JAVACMD_DEREFERENCELOCALOBJECT=3..JAVACMD_GETCLASSMETHODS=4..JAVACMD_GETCLASSFIELDS=5..JAVACMD_GETIMPLEMENTEDINTERFACES=6..JAVAVMD_FINDREFERENCESTOOBJECT=7..JAVACMD_FINDJOBJECT=8..JAVACMD_GETCLASSSIGNATURE=9 --=getClassName..JAVACMD_GETSUPERCLASS=10..JAVACMD_GETOBJECTCLASS=11..JAVACMD_GETCLASSDATA=12..JAVACMD_REDEFINECLASS=13..JAVACMD_FINDCLASS=14..JAVACMD_GETCAPABILITIES=15..JAVACMD_GETMETHODNAME=16 --gets the methodname and the signature..JAVACMD_INVOKEMETHOD=17..JAVACMD_FINDCLASSOBJECTS=18 --find objects that belong to the given class..JAVACMD_ADDTOBOOTSTRAPCLASSLOADERPATH=19..JAVACMD_ADDTOSYSTEMCLASSLOADERPATH=20..JAVACMD_PUSHLOCALFRAME=21..JAVACMD_POPLOCALFRAME=22..JAVACMD_GETFIELDDECLARINGCLASS=23..JAVACMD_GETFIELDS
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):18412
                                                                                                                                                                                                                                                                        Entropy (8bit):5.0642202603121165
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:zGYmhPbvqKlu2uzKCM/muwu5gfMs5eQVQgQ2GO:zGkKl4zm/mhR
                                                                                                                                                                                                                                                                        MD5:E4FA493CBF4F5E932DCE648A78800616
                                                                                                                                                                                                                                                                        SHA1:B82C12B23AE06AC07AE61B0B599F055DC879C949
                                                                                                                                                                                                                                                                        SHA-256:ACFB9FDA20C347D8B7B2E513D38D2692BD054AE90B88E846460E66B986DD8D1C
                                                                                                                                                                                                                                                                        SHA-512:E0C4B9B757D4F38DBDB2C5CE11FA27EE742EDA97A20F098D38300C8DCF27015D5CFC8BFD658B6A7F48CFDECE9645DA633C32B18050598A368432F7B026826823
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'Java.po')..end....require([[autorun\javaClassEditor]])....--parser for .class files and java bytecode..--http://docs.oracle.com/javase/specs/jvms/se7/html/jvms-4.html....--constant type values..java_CONSTANT_Class=7..java_CONSTANT_Fieldref=9..java_CONSTANT_Methodref=10..java_CONSTANT_InterfaceMethodref=11..java_CONSTANT_String=8..java_CONSTANT_Integer=3..java_CONSTANT_Float=4..java_CONSTANT_Long=5..java_CONSTANT_Double=6..java_CONSTANT_NameAndType=12..java_CONSTANT_Utf8=1..java_CONSTANT_MethodHandle=15..java_CONSTANT_MethodType=16..java_CONSTANT_InvokeDynamic=18......function java_read_u4(stream).. local b={string.byte(stream.data, stream.index,stream.index+4-1)}.. stream.index=stream.index+4.... return byteTableToDword({b[4],b[3],b[2],b[1]})..end......function java_read_u2(stream).. local b={string.byte(stream.data, stream.index,stream.index+2-1)}.. stream.index=stream.index+2.... return byteTableToWord({b
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2095
                                                                                                                                                                                                                                                                        Entropy (8bit):4.920154640424097
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:gzax3OK42b8w6aBxVpKDRKLYChKr+deaUAyA16AhXaAe76:gzax+KIPazVpKDRaNhKr+dlUDy6GXapW
                                                                                                                                                                                                                                                                        MD5:CA347DEF8A682D2ADF951C4ECBABD948
                                                                                                                                                                                                                                                                        SHA1:C65BBC8A5106E9ACE9DDC450EC3A5F637704FA62
                                                                                                                                                                                                                                                                        SHA-256:1F11078B143B92612822F3DFC09D93778471198F203694C8FC911E249FBBC557
                                                                                                                                                                                                                                                                        SHA-512:9F7A08822D9357AF72A27707C17FC0D3EC03E72333D88E2BA8E2BE95EAB7BA9C1B33EA3E2E20D734C382F4732F77443D3AA9C189667A74195987F5DB486E2651
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:local c=createComboBox(MainForm.gbScanOptions)....c.Style='csDropDownList'..c.Items.add('All')..c.ItemIndex=0..c.Name='ScanOptionsModuleList' ......c.Align=alTop..c.BorderSpacing.Left=6..c.BorderSpacing.Right=6..c.BorderSpacing.Bottom=2....local modulelist....function FillList().. local is64bit=targetIs64Bit().. local op.. if is64bit then.. op='32'.. else.. op='64'.. end.. synchronize(function() .. while c.Items.Count>1 do.. c.Items.delete(1).. end.. end).... modulelist=enumModules().. .. synchronize(function().. if modulelist then.. local i.. for i=1, #modulelist do.. modulelist[i].OriginalName=modulelist[i].Name.. if modulelist[i].Is64Bit ~= is64bit then.. modulelist[i].OriginalName='_'..modulelist[i].OriginalName.. modulelist[i].Name=modulelist[i].Name..' ('..op..'-bit)'.. end.... c.Items.Add(modulelist[i].Name).. end.. end.. end)..end....c.OnMouseEnter=function(d) .. if c.Items.Count<
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):136078
                                                                                                                                                                                                                                                                        Entropy (8bit):5.006188616081032
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:/t5zmxQLPqWuiXL9eqiK8uthP/xoiEFLWiP8bTg1b3lDWIkGkxv0C2r0EcD+JZSh:O5n6MJCAi7hXZS8YHo6FG7236nDZ
                                                                                                                                                                                                                                                                        MD5:76168CA68F3ED8ADE110B140244EFBAF
                                                                                                                                                                                                                                                                        SHA1:2AF08403D17A64B10429C8FCE68AA085A6B287B7
                                                                                                                                                                                                                                                                        SHA-256:5832B5AB00E84690AC1E780E8B1C4ABD9649465234C9FFA2CECB410BE66A6B8A
                                                                                                                                                                                                                                                                        SHA-512:80AD21D631934D2B8E368A5B2D3CB5F1889D4A65099C2D8CD8BA37EB721C1EBDC2C6549FC530514BF9F96976FFCBFD372150F1F16A6591DA013FE4F1D1BB070B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'monoscript.po')..end....local thread_checkifmonoanyhow=nil..local StructureElementCallbackID=nil..local pathsep..local libfolder....if getOperatingSystem()==0 then.. pathsep=[[\]].. libfolder='dlls'..else.. pathsep='/'.. libfolder='dylibs'..end....local dpiscale=getScreenDPI()/96....--[[local]] monocache={}....mono_timeout=3000 --change to 0 to never timeout (meaning: 0 will freeze your face off if it breaks on a breakpoint, just saying ...)....MONO_DATACOLLECTORVERSION=20221207....MONOCMD_INITMONO=0..MONOCMD_OBJECT_GETCLASS=1..MONOCMD_ENUMDOMAINS=2..MONOCMD_SETCURRENTDOMAIN=3..MONOCMD_ENUMASSEMBLIES=4..MONOCMD_GETIMAGEFROMASSEMBLY=5..MONOCMD_GETIMAGENAME=6..MONOCMD_ENUMCLASSESINIMAGE=7..MONOCMD_ENUMFIELDSINCLASS=8..MONOCMD_ENUMMETHODSINCLASS=9..MONOCMD_COMPILEMETHOD=10..MONOCMD_GETMETHODHEADER=11..MONOCMD_GETMETHODHEADER_CODE=12..MONOCMD_LOOKUPRVA=13..MONOCMD_GETJITINFO=14..MONOCMD_FINDCLASS=15..MONOCMD_FIND
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):17557
                                                                                                                                                                                                                                                                        Entropy (8bit):4.7553596901580395
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:02/2WiurcwWJsFH1bukLWmHwt/5B9ndDiC4fVAslnlKQ8gLIeHkSD//TVxVkB8CZ:HtWIBugO8ieHkSDnTVTnC8i+lLQC/6
                                                                                                                                                                                                                                                                        MD5:F2896031568F43A7E4A7529A16F4EA12
                                                                                                                                                                                                                                                                        SHA1:A24B17AEC47FB290EE29BFC01C7386B85827D14E
                                                                                                                                                                                                                                                                        SHA-256:0714BD0F908345D7588A09C856746D76861CE4EB3571692BABC1BCE2D35A57AA
                                                                                                                                                                                                                                                                        SHA-512:B4F9EBB1E8375045269FF11FE2B6AEC3C31E64AB89CDDBFF1D26451DB3426AE841E28D184539959F84248CF101854F47E8F3497BA8414460ABCAC3C0D66248B3
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:local DPIMultiplier=(getScreenDPI()/96)....if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'patchscan.po')..end....local IMAGE_SCN_CNT_CODE=0x20..local IMAGE_SCN_MEM_EXECUTE=0x20000000....function byteTableToHexString(bt).. local i.. local r=''.... if bt then.. for i=1,#bt do.. r=r..string.format("%.2x ",bt[i]).. end.. end.. return r..end......function scanModuleForPatches(modulepath, loadedModuleBase, thread).... local original=createMemoryStream().. local r,e=original.loadFromFileNoError(modulepath).. if not r then.. original.destroy().. return false,e.. end.. original.Position=0...... if (byteTableToString(original.read(2))~='MZ') then.. original.destroy().. return nil,translate('Not a valid executable').. end.... original.Position=60;.. local lfanew=original.readDword();.. original.Position=lfanew;.... if (byteTableToString(original.read(2))~='PE') then.. original.destroy().. return nil,translate('Not a valid win
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):7354
                                                                                                                                                                                                                                                                        Entropy (8bit):4.798336095796441
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:K9yd/VQilJ6HLwxxKF9Znu8KX+qNdYSnatJoqVSQPFLqJ4:K0VPlJMgNdYSnatmqVSQPFLc4
                                                                                                                                                                                                                                                                        MD5:2BE703BF1FF1EA4DD6D1EFF673367E48
                                                                                                                                                                                                                                                                        SHA1:13C122CFD7EB38D298FA91F3D6021F025578B508
                                                                                                                                                                                                                                                                        SHA-256:6704BEF60F60F85E76AA19B96A43ACA74C4AA8905B4033A20C24B75171B33D0A
                                                                                                                                                                                                                                                                        SHA-512:E1FC1C55574F5FECEF535734A23DB9738D4C5762E085DEA721F9CD7F5F9F364DD1428F669F26149F1E49414F38A4C00BC7FD4F5E1A5C03A0E53B24C859B25C5E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:local function genericJumpHandler(state, alwaystaken).. local origin=state.address.. local addressString=string.gsub(state.ldd.parameters,"qword ptr ","").. local addressString=string.gsub(addressString,"dword ptr ","").. local destination=getAddressSafe(addressString) --find out the destination.. local destination2.... if destination==nil then.. --in case of registers.. return.. end.... if not alwaystaken then.. destination2=origin+state.parsed[origin].bytesize.. end;...... state.branchOrigins[origin]={}.. state.branchOrigins[origin].destinationtaken=destination.. state.branchOrigins[origin].destinationnottaken=destination2.... if state.branchDestinations[destination]==nil then --list of destinations and their origin(s).. state.branchDestinations[destination]={}.. end.... table.insert(state.branchDestinations[destination], origin).... if not alwaystaken then.. if state.branchDestinations[destination2]==nil then --list of destinations and their origin(s).
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (301), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):57578
                                                                                                                                                                                                                                                                        Entropy (8bit):4.965043624755705
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:SDN7O8gQVISPW3R89Mvybxj/kTdg4YXj2P:SDN7OiPW3W9MvybxjM/dP
                                                                                                                                                                                                                                                                        MD5:49C105DC0F4E732802284180722747C2
                                                                                                                                                                                                                                                                        SHA1:CDC575490B51A252202BB5E37F0536870DD3CCA0
                                                                                                                                                                                                                                                                        SHA-256:43DAE8CFAA2C16B3D94C748DE250BBA2E16E9789C8B2F3395CB6ED4F79E624C6
                                                                                                                                                                                                                                                                        SHA-512:B3A582E1FB4BAF003F40262C888ADF84041874E729A97D8CFAED581C84B7B3F5823DAFA4249607D4E79B62AA30BC207632ECA9522A0866EDF1C57CFC8296EFE7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'pseudocodediagram.po')..end......--[[pseudocodediagram.lua]]--....local DPIAdjust=getScreenDPI()/96....--Global..diagramstyle = {}..diagramstyle.instruction_registerstyle = '[31;1m' --red + bold..diagramstyle.instruction_hexstyle = '[34;1m' --blue + bold..diagramstyle.instruction_symbolstyle = '[32;1m' --green + bold..diagramstyle.instruction_opcodestyle = '[1m' --bold..diagramstyle.link_defaultcolor = 0x00FF00FF --fuchsia..diagramstyle.link_nottakencolor = 0x000000FF --red..diagramstyle.link_takencolor = 0x00FF0000 --blue..diagramstyle.link_linethickness = 3*DPIAdjust..diagramstyle.link_arrowsize = math.ceil(5*DPIAdjust)..diagramstyle.link_pointdepth = 20*DPIAdjust --distance between links..diagramstyle.block_headershowsymbol = true..diagramstyle.block_bodyshowaddresses = fal
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:Algol 68 source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):8862
                                                                                                                                                                                                                                                                        Entropy (8bit):4.974583347443069
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:b4QnfODIk5ktS+Xp7SjCjL6jSCXNB3mtS+jwKtwTZX:bwDIAoL6jfMbtwX
                                                                                                                                                                                                                                                                        MD5:18D66678D7078C907FDDB5CC4E16E94E
                                                                                                                                                                                                                                                                        SHA1:681DC425C522D1A87588E224980F539DE791F2C2
                                                                                                                                                                                                                                                                        SHA-256:D99600BD2A0E754423499C963953FBF16B5FF9CECADC44F1332733F08F3D3F6E
                                                                                                                                                                                                                                                                        SHA-512:D22C18C47D93C12ED60BF704C590AF3FE7D7D0BCC49B77939F18424F2D15241C084F7288AC1695F22EA97DE1C6605351DAAF98FB86A6D4269ADAE2C78642BA10
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'SaveSessions.po')..end......if cheatEngineIs64Bit() then.. if string.find(package.cpath, 'clibs64')==nil then.. package.cpath=package.cpath..[[;.\clibs64\?.dll]].. end..else.. if string.find(package.cpath, 'clibs32')==nil then.. package.cpath=package.cpath..[[;.\clibs32\?.dll]].. end..end....require("lfs")....function loadMemoryScan_internal(filename).. --print("loadMemoryScan").. .. --the thread is used to bypasses a bug in 6.3.....local ms=getCurrentMemscan()...local mf=getMainForm()...........local input,err=createFileStream(filename,fmOpenRead or fmShareDenyNone).. if input==nil then.. MessageDialog(err, mtError,mbOK).. return.. end.....local scanvalue=input.readAnsiString().. local originalFromAddress=input.readAnsiString() .. local originalToAddress=input.readAnsiString() ...local scantype=input.readByte()...local vartype=input.readByte().. .....local savedscancount=input.readByte(
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):5446
                                                                                                                                                                                                                                                                        Entropy (8bit):5.106344058039722
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:UFbOaNZRB+TqamMsKs5EcDE0F39dLC/B9gn0TUTXM2sit8vD/Jae8:gaTqamQcN9dLq9QDM2fG7o
                                                                                                                                                                                                                                                                        MD5:4FF5CD5283B83CF4614D14E4363ED8F2
                                                                                                                                                                                                                                                                        SHA1:A435BF58C9E58211CADA8EA1AF2891EA488E4DD2
                                                                                                                                                                                                                                                                        SHA-256:45AD5D854DEE4CA07F60B5BA89CF328DD7B216A0EF3232A2647D15BE38C6C4C0
                                                                                                                                                                                                                                                                        SHA-512:8208B64CD2FFA356DCAC8463188325B1AF88C0598F231EA0E36E74DEC64E0C50740FC3DB26790BF39FA30C0D457B910A7F9EEC8E2049C04F48C793B58452A7A3
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--mp3 sound extension....if oldcreateMemoryStream==nil then oldcreateMemoryStream = createMemoryStream end..function createMemoryStream().. local obj = oldcreateMemoryStream().. local oldwrite=obj.write.... obj.write = function (t,n) -- override default write.. local count=0.. for _,v in ipairs(t) do.. if count==n then break end.. oldwrite({v},1).. count=count+1.. end.. end.... obj.writeDword = function (v) obj.write(dwordToByteTable(v)) end.. obj.writeWord = function (v) obj.write(wordToByteTable(v)) end.... return obj..end......--convertMP3ToRIFFMP3(stream)..function convertMP3ToRIFFMP3(stream).. local riffmp3 = createMemoryStream().... local header = {.. 0x46464952,0x00000000,0x45564157,0x20746D66,0x0000001E,0x00020055,.. 0x0000AC44,0x00000000,0x00000001,0x0001000C,0x00000002,0x00010001,.. 0x61660571,0x00047463,0x2FF80000,0x61640014.. } -- default is 44100Hz , Stereo.... loca
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):7574
                                                                                                                                                                                                                                                                        Entropy (8bit):4.744280698083541
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:J+/R0h8p0wyUYCCTLysSUDfH0HwjOtHdqFB2i6uMPV:LWBUDU9Er4V
                                                                                                                                                                                                                                                                        MD5:D609EA53AD996E63300E703ED98EAB08
                                                                                                                                                                                                                                                                        SHA1:8E19906C32BEE40E9A24CB82AB57D109AE11E038
                                                                                                                                                                                                                                                                        SHA-256:E0C48C9033C52F77AD7B1DF44E2BB81C2FEF868CE08D46054723BC8441F0C742
                                                                                                                                                                                                                                                                        SHA-512:CC85857D449F507477A12CB7D5BE31288BAECB3B41BD760EBF1BAD289771CC7EAAF608B74E421EDA948D0B45E02A6FC188474C0E926EAE20510C77D2AF8890A6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--version check update script for cheat engine..--Don't like it? Just delete this file. Easy as that....--For the translators:..if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'VersionCheck.po')..end....local vsettings=getSettings("VersionCheck")....local VersionCheckThread....function CheckVersion(automatic).. --create a thread that will get the latest version and buildnumber.. if versionCheckThread==nil then.. versionCheckThread=createThread(function(t).. local i=getInternet('CEVersionCheck').. local r=i.getURL('https://cheatengine.org/latestversion.txt').... if r then.. local sl=createStringlist().. local newerVersion=false.. local latestVersionCompleteBuildNumber.. local latestVersionNumber.. local latestVersionString --separate for crap like 6.5.1 (can't show 6.51 to the user).. sl.Text=r.... if sl.Count<3 then.. t.synchronize(function().. if au
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):6083
                                                                                                                                                                                                                                                                        Entropy (8bit):4.574208772239494
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:j2S/HgQOsILKD/nMed210naDVOPkkmVBgB+CPcGhJpl:j2iHgQOsILKD/nMed210ngOPkkmVBPG3
                                                                                                                                                                                                                                                                        MD5:274946677CB1FB1C63A04AEB641E21D0
                                                                                                                                                                                                                                                                        SHA1:B4C71B59792773F20878E3BA582331CF4EA7D592
                                                                                                                                                                                                                                                                        SHA-256:05258E280F53C5905AE374F808F4383CFD0898F6E620D875136EDEB0FDBA34F5
                                                                                                                                                                                                                                                                        SHA-512:AAC74D0DA491AC3E9465964A3861F93EACD63D2C445C1F235FED444F60F9CE19D3BF5069BD012AE72593516DB96CA4A0FDFA07E83218466743551CBF1A6A64EF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--module(..., package.seeall)..local f={}....---------------------------------------------------------------------------------..---------------------------------------------------------------------------------..--..-- Original source: https://github.com/Cluain/Lua-Simple-XML-Parser..--..-- xml.lua - XML parser for use with the Corona SDK...--..-- version: 1.2..--..-- CHANGELOG:..--..-- 1.2 - Created new structure for returned table..-- 1.1 - Fixed base directory issue with the loadFile() function...--..-- NOTE: This is a modified version of Alexander Makeev's Lua-only XML parser..-- found here: http://lua-users.org/wiki/LuaXml..--..---------------------------------------------------------------------------------..---------------------------------------------------------------------------------..function f.newParser().... XmlParser = {};.... function XmlParser:ToXmlString(value).. value = string.gsub(value, "&", "&amp;"); -- '&' -> "&amp;".. value = string.gsub(value
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 5 x 8, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):187
                                                                                                                                                                                                                                                                        Entropy (8bit):5.975104411893651
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:yionv//thPlg5UwjHTAadCmy9h/rywOia85Fxf1v1JClwBWfxvo4AzsOfdp:6v/lhP+KWHT19ghmIFxRiwBYFfAzswdp
                                                                                                                                                                                                                                                                        MD5:8BCC2E16763817795E4E81EC86457038
                                                                                                                                                                                                                                                                        SHA1:050BDB436ADC138D2559D96842A5DD39FA1CF315
                                                                                                                                                                                                                                                                        SHA-256:CDFC96FBA6EFD3F26C779B4A892AFFFC292D451CC94104C3272B258E17204D07
                                                                                                                                                                                                                                                                        SHA-512:E992395ABE6F058F3135F5734789C1F4865F865E763BBB10CCE371BCC191E9DD358C1C633C8597601695B73AC008FC864A1AF6920501731E9FCF1C26344ACC22
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 15 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):179
                                                                                                                                                                                                                                                                        Entropy (8bit):5.695302062158259
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:yionv//thPlul4fRAadCmy9h/rywOievplxdGt0skV6UhhJnElnbgsrZsYp0rx1p:6v/lhPVfR19ghmFlyOho5gesE0Pp
                                                                                                                                                                                                                                                                        MD5:036394E78B67C1F5C2E1773B74D148E9
                                                                                                                                                                                                                                                                        SHA1:3B78B52F1C67BBA12A147BFCB805D6F913E70667
                                                                                                                                                                                                                                                                        SHA-256:96200DBE8BD64BDF2A85E1FE45FF2169FA08B080425A0F32E4F08A65D83CAB5B
                                                                                                                                                                                                                                                                        SHA-512:2156BD6E61EA3299F8CB83D9AB1A24062A7AAD743FCED71FBB108AE6F9FC5EBA72843D1619EFA5A9091402631739DDD960C17968B1A4A1027296CECC254C0E65
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 66 x 61, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):707
                                                                                                                                                                                                                                                                        Entropy (8bit):7.4418596058676645
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:6v/7GmBjAkh8fjIqLe7yagUPqvMPwE5t7frC1Tt00JETw0jg3Or2ksPd:/mBjAkh8fsqa7W2wEPDov3oQl
                                                                                                                                                                                                                                                                        MD5:45E0091B87215F768F524DBBEDEDD74E
                                                                                                                                                                                                                                                                        SHA1:9835B0E117146128C5EED7E43FBE1602C5C1BC23
                                                                                                                                                                                                                                                                        SHA-256:576467863491FAEDE8053F95BD0C66CF3C273F6B27A05984F81F51AA289191BE
                                                                                                                                                                                                                                                                        SHA-512:D627E4A81E32542A455A26B775E6CE30580658F4443CB84CF23022ADEC83A315264CE3FAEDD4315A62625843582396B76E994C6C0A91C2C63BB514B05B9ABE6B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 66 x 61, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):723
                                                                                                                                                                                                                                                                        Entropy (8bit):7.502991938803606
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:6v/7G1sYhROoOG76OFtzvDM28m4mH8qGjGMXOKvnzAiWbPQK+BQuIlFA4lii:/1sYhRrOUn8AH8NjGMlAhr9iIV
                                                                                                                                                                                                                                                                        MD5:EEBEE9670CFBE610C723F0FBF219C836
                                                                                                                                                                                                                                                                        SHA1:35F843D45886AC31773BB437580B5B423923F911
                                                                                                                                                                                                                                                                        SHA-256:CF3B603A78EAA24C63B082A4CD3936C139CD1885B6D3E60BA58FD47201BD374E
                                                                                                                                                                                                                                                                        SHA-512:C71AE264BF958A95E741B58BD1BBBE9ED975281EDBD95B25D1C5479E6EDA9C85B4DFC861B7B72B6A566B158E495B12CC835B17A4F5A35B32B6361E0F984BFF65
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 29 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):363
                                                                                                                                                                                                                                                                        Entropy (8bit):6.997646592515667
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:6v/lhP2WwlqC19ghmqbMYO3RewQLzM1dVdsgj4TAqK4cOeQPJJEkGKWVp:6v/7WQ2KPPM1VjUAt/laKkGKU
                                                                                                                                                                                                                                                                        MD5:58967A69295A833A93B30E1A3D03C333
                                                                                                                                                                                                                                                                        SHA1:B0F984616A3EB0856284D6F5C98415510FB55E7F
                                                                                                                                                                                                                                                                        SHA-256:3278F339F9A3964D92C1BEF5C4E0A300C9C68587CDDA0F7A82B34FD73B95B409
                                                                                                                                                                                                                                                                        SHA-512:B1FA11ADB2DEBB9F5595DE056985BD39F9DF5A4F925DCDCFEB24A2BC500376C17FF42BF0644BD158D91C38CDD806C3AF7F2E22D041398EE092FE1C776FF86B85
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 15 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):597
                                                                                                                                                                                                                                                                        Entropy (8bit):7.446044912854569
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:6v/7NZFGnsl0cBhl9iF1Qhn9MfpUL7toskF5LGAim0ocq3nwwKKiN:i8slXGF1QhnKKLGi83iN
                                                                                                                                                                                                                                                                        MD5:8F1AF33632BEB4885863AB973CD781E6
                                                                                                                                                                                                                                                                        SHA1:547580EBBA11F0E51E68933F4355BBF981B2E306
                                                                                                                                                                                                                                                                        SHA-256:01698B5F5990658505BEB654446B367D5CCBA0FCA1D893D1C17E79489C379B29
                                                                                                                                                                                                                                                                        SHA-512:696CF1C9831B2528A6040F1F9DF38CACE6F5B992882F2BC48814EC88834921A558F2F0E55FB9921764A0DF885CC50B9A8D191CC3291903D0A6B58F140BFFAF64
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 32 x 80, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1603
                                                                                                                                                                                                                                                                        Entropy (8bit):7.766393035061922
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:tOvzUQQyWWYpwUbDBHeNAbVp42j5dMa5H:tWU/yWWYjbDBf4Cv7h
                                                                                                                                                                                                                                                                        MD5:F6264DDCEA613DC98D253BCB9B1FE484
                                                                                                                                                                                                                                                                        SHA1:FB85C887F5EF5440FE9837D7A8E578DBDE4DDB8B
                                                                                                                                                                                                                                                                        SHA-256:283DD43C10FF331011938D962F9B49C4D85D92AC044DC779A9EAE38640FD62DE
                                                                                                                                                                                                                                                                        SHA-512:CE052311662DBBF39D86963F0ACAA42713735101F15A16839584E1D6EACFB5FDA68381EDCB52F226A14D0B217B95FA4D5AD44186CF4A02830C52EE74CA617F42
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 19 x 29, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):504
                                                                                                                                                                                                                                                                        Entropy (8bit):7.275571489523102
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:6v/7CxvhbFNUklTDVkB8TFMMOdlKKyYxAPG7AfGA4xCrx8Xv:55JN76B8TC5dlKKj7AeAif
                                                                                                                                                                                                                                                                        MD5:921DB78A66A3136C5866505D07BB29DD
                                                                                                                                                                                                                                                                        SHA1:B2E64DBE7E6DD9CDFA1590C8E4921796AAC81E7C
                                                                                                                                                                                                                                                                        SHA-256:62CCDA5C25930E2828891D7278A204DE4D3F35A2C6DA8CA029E9F859E34C4ABC
                                                                                                                                                                                                                                                                        SHA-512:A0B25C167E3DA1C2992473BDA15D7D10FAC0728421DD2CE27C165B8DB895E7CC349728382437D8F46EB38F0B36594DD0B3F3DC5912CF6FEF6FAB66D919F7CCFE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 28 x 35, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):429
                                                                                                                                                                                                                                                                        Entropy (8bit):6.854308103958898
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:6v/7I7PI/kFxNu/V0T0fCKBKkJCPbK1lwEcJz:7PlPoBKaCTK1rcJz
                                                                                                                                                                                                                                                                        MD5:835A1AC950006E5E0CB1F296BEA85DB0
                                                                                                                                                                                                                                                                        SHA1:D07388741EED5F29C83802519FC7DB7FE86E8163
                                                                                                                                                                                                                                                                        SHA-256:C448D3B58A8336780D31CF73F87EA2805B5786A7DB985A48C3B3EE4B4BC4E2C0
                                                                                                                                                                                                                                                                        SHA-512:5F5EBA5A8EAACBE02A3C01D9E689AB169EAFF9F1C09F0DDB289E92287A809089E72D8ED5E2FDBC16476AB64B66ACB799D4F75B5929A2D08543E8DA5A407ADBA6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 66 x 61, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):707
                                                                                                                                                                                                                                                                        Entropy (8bit):7.4418596058676645
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:6v/7GmBjAkh8fjIqLe7yagUPqvMPwE5t7frC1Tt00JETw0jg3Or2ksPd:/mBjAkh8fsqa7W2wEPDov3oQl
                                                                                                                                                                                                                                                                        MD5:45E0091B87215F768F524DBBEDEDD74E
                                                                                                                                                                                                                                                                        SHA1:9835B0E117146128C5EED7E43FBE1602C5C1BC23
                                                                                                                                                                                                                                                                        SHA-256:576467863491FAEDE8053F95BD0C66CF3C273F6B27A05984F81F51AA289191BE
                                                                                                                                                                                                                                                                        SHA-512:D627E4A81E32542A455A26B775E6CE30580658F4443CB84CF23022ADEC83A315264CE3FAEDD4315A62625843582396B76E994C6C0A91C2C63BB514B05B9ABE6B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 67 x 62, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):619
                                                                                                                                                                                                                                                                        Entropy (8bit):7.419166205831757
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:6v/7mDiFdr85Wibc7ez5jD2rSafCbOSVZ/jUHxyZCPpIV7RFvIdhR:DUvibcKztD2rnCqSDgQZApMdFvIdD
                                                                                                                                                                                                                                                                        MD5:C9A2D0DC2F22EC069650A82E64CEBB71
                                                                                                                                                                                                                                                                        SHA1:4FCC6F1A04A19B75E64A84943135DACF68488E2F
                                                                                                                                                                                                                                                                        SHA-256:9EA075327886EA4157DF25A64D9402EC6ACBEF24EE06C1D5DA3AEF96197F26EC
                                                                                                                                                                                                                                                                        SHA-512:356299EE44CFA760098AF2CB1EDEF250A5DEC285C0338B49A7F37B9B2D661353C4C356FD1FBE586A0C3844A665FE9B1C2DA38C735B6ED26DDCADA68772E47744
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 178 x 111, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):5886
                                                                                                                                                                                                                                                                        Entropy (8bit):7.9428678398148485
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:9fJTvp2iAJf329FCfsjYsvEG56SyjfEa186J70Lhvxg+NVE:9dvpPA129FC0WSyj06t0LNx3NVE
                                                                                                                                                                                                                                                                        MD5:5CFF22E5655D267B559261C37A423871
                                                                                                                                                                                                                                                                        SHA1:B60AE22DFD7843DD1522663A3F46B3E505744B0F
                                                                                                                                                                                                                                                                        SHA-256:A8D8227B8E97A713E0F1F5DB5286B3DB786B7148C1C8EB3D4BBFE683DC940DB9
                                                                                                                                                                                                                                                                        SHA-512:E00F5B4A7FA1989382DF800D168871530917FCD99EFCFE4418EF1B7E8473CAEA015F0B252CAC6A982BE93B5D873F4E9ACDB460C8E03AE1C6EEA9C37F84105E50
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 178 x 111, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):5886
                                                                                                                                                                                                                                                                        Entropy (8bit):7.9428678398148485
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:9fJTvp2iAJf329FCfsjYsvEG56SyjfEa186J70Lhvxg+NVE:9dvpPA129FC0WSyj06t0LNx3NVE
                                                                                                                                                                                                                                                                        MD5:5CFF22E5655D267B559261C37A423871
                                                                                                                                                                                                                                                                        SHA1:B60AE22DFD7843DD1522663A3F46B3E505744B0F
                                                                                                                                                                                                                                                                        SHA-256:A8D8227B8E97A713E0F1F5DB5286B3DB786B7148C1C8EB3D4BBFE683DC940DB9
                                                                                                                                                                                                                                                                        SHA-512:E00F5B4A7FA1989382DF800D168871530917FCD99EFCFE4418EF1B7E8473CAEA015F0B252CAC6A982BE93B5D873F4E9ACDB460C8E03AE1C6EEA9C37F84105E50
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 19 x 29, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):505
                                                                                                                                                                                                                                                                        Entropy (8bit):7.311302195073986
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:6v/7CxmVcG25JcQqCKNaPzPmsI+BRBN3TMj2QQ:5oVDW2+BV37h
                                                                                                                                                                                                                                                                        MD5:8A33D6B05882AB755DFC9EE9C30526E1
                                                                                                                                                                                                                                                                        SHA1:FCFF4675AAE6CA1DD1AC67276779E023F33BC7FF
                                                                                                                                                                                                                                                                        SHA-256:234923BC14F06948F335599612BAE4E7CC422A8F6B8C0DEE34612618874A4149
                                                                                                                                                                                                                                                                        SHA-512:3FD3A3827DFD409B37FEE63547527A778AF589895D8136279FB3C4940EFB166017951FE5B0E30BCA95D19E57FD63DB38C6D21CF439084492FBC1287820260207
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 19 x 29, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):527
                                                                                                                                                                                                                                                                        Entropy (8bit):7.318123094870197
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:6v/7CxqPIQ2+gvx+GZgCqWeJImCZx93IKOncOD:58DM4CJqWeizhZCcOD
                                                                                                                                                                                                                                                                        MD5:2D9E64B327D7DA0985A12E7E0A5425F4
                                                                                                                                                                                                                                                                        SHA1:00C63CA44D76210664A3FAD141E15A9A5A41720C
                                                                                                                                                                                                                                                                        SHA-256:D6B4699B0F3F69472163785DD20592C8BBB45FFF3843CB75D09CA9AF8AF66CB8
                                                                                                                                                                                                                                                                        SHA-512:27AFC9ACEC960911193EC1F3E939C5594DB0D0EA40A3590BBC9F24F0A51B1B5391696F9FC66042F2A475F539D7709EB04CEAE8A6741B58A8AE7F076C6D681A4B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 67 x 62, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):652
                                                                                                                                                                                                                                                                        Entropy (8bit):7.426141389563401
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:6v/7mDiFdklN0XVdLVd4tdOEMM018x56ps6zEL1J1lx70xbHYsAZhrljEXJ:DUklNmVdLV+dMM018ys5L15N0xLYhZBm
                                                                                                                                                                                                                                                                        MD5:BE0368A2650AAFCA0B6935E959BFF614
                                                                                                                                                                                                                                                                        SHA1:E55B9E3B7B49B04864E2254075385BACB25ACD12
                                                                                                                                                                                                                                                                        SHA-256:AED337C318176A195EC44E9ACC1D30FB1CC8154FF31F0ACB36DCC57867C50F20
                                                                                                                                                                                                                                                                        SHA-512:59E81D1EA29321E9BDA950188BBC4B531105B8907757EE7BCB1117724CB321F452D7930800D5E789A9BB9A4E38F1EED84E893123D8277196DA7B04CCDD4E6C64
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 15 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):179
                                                                                                                                                                                                                                                                        Entropy (8bit):5.695302062158259
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:yionv//thPlul4fRAadCmy9h/rywOievplxdGt0skV6UhhJnElnbgsrZsYp0rx1p:6v/lhPVfR19ghmFlyOho5gesE0Pp
                                                                                                                                                                                                                                                                        MD5:036394E78B67C1F5C2E1773B74D148E9
                                                                                                                                                                                                                                                                        SHA1:3B78B52F1C67BBA12A147BFCB805D6F913E70667
                                                                                                                                                                                                                                                                        SHA-256:96200DBE8BD64BDF2A85E1FE45FF2169FA08B080425A0F32E4F08A65D83CAB5B
                                                                                                                                                                                                                                                                        SHA-512:2156BD6E61EA3299F8CB83D9AB1A24062A7AAD743FCED71FBB108AE6F9FC5EBA72843D1619EFA5A9091402631739DDD960C17968B1A4A1027296CECC254C0E65
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 5 x 8, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):187
                                                                                                                                                                                                                                                                        Entropy (8bit):5.975104411893651
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:yionv//thPlg5UwjHTAadCmy9h/rywOia85Fxf1v1JClwBWfxvo4AzsOfdp:6v/lhP+KWHT19ghmIFxRiwBYFfAzswdp
                                                                                                                                                                                                                                                                        MD5:8BCC2E16763817795E4E81EC86457038
                                                                                                                                                                                                                                                                        SHA1:050BDB436ADC138D2559D96842A5DD39FA1CF315
                                                                                                                                                                                                                                                                        SHA-256:CDFC96FBA6EFD3F26C779B4A892AFFFC292D451CC94104C3272B258E17204D07
                                                                                                                                                                                                                                                                        SHA-512:E992395ABE6F058F3135F5734789C1F4865F865E763BBB10CCE371BCC191E9DD358C1C633C8597601695B73AC008FC864A1AF6920501731E9FCF1C26344ACC22
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 15 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):597
                                                                                                                                                                                                                                                                        Entropy (8bit):7.446044912854569
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:6v/7NZFGnsl0cBhl9iF1Qhn9MfpUL7toskF5LGAim0ocq3nwwKKiN:i8slXGF1QhnKKLGi83iN
                                                                                                                                                                                                                                                                        MD5:8F1AF33632BEB4885863AB973CD781E6
                                                                                                                                                                                                                                                                        SHA1:547580EBBA11F0E51E68933F4355BBF981B2E306
                                                                                                                                                                                                                                                                        SHA-256:01698B5F5990658505BEB654446B367D5CCBA0FCA1D893D1C17E79489C379B29
                                                                                                                                                                                                                                                                        SHA-512:696CF1C9831B2528A6040F1F9DF38CACE6F5B992882F2BC48814EC88834921A558F2F0E55FB9921764A0DF885CC50B9A8D191CC3291903D0A6B58F140BFFAF64
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 66 x 61, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):723
                                                                                                                                                                                                                                                                        Entropy (8bit):7.502991938803606
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:6v/7G1sYhROoOG76OFtzvDM28m4mH8qGjGMXOKvnzAiWbPQK+BQuIlFA4lii:/1sYhRrOUn8AH8NjGMlAhr9iIV
                                                                                                                                                                                                                                                                        MD5:EEBEE9670CFBE610C723F0FBF219C836
                                                                                                                                                                                                                                                                        SHA1:35F843D45886AC31773BB437580B5B423923F911
                                                                                                                                                                                                                                                                        SHA-256:CF3B603A78EAA24C63B082A4CD3936C139CD1885B6D3E60BA58FD47201BD374E
                                                                                                                                                                                                                                                                        SHA-512:C71AE264BF958A95E741B58BD1BBBE9ED975281EDBD95B25D1C5479E6EDA9C85B4DFC861B7B72B6A566B158E495B12CC835B17A4F5A35B32B6361E0F984BFF65
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 29 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):363
                                                                                                                                                                                                                                                                        Entropy (8bit):6.997646592515667
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:6v/lhP2WwlqC19ghmqbMYO3RewQLzM1dVdsgj4TAqK4cOeQPJJEkGKWVp:6v/7WQ2KPPM1VjUAt/laKkGKU
                                                                                                                                                                                                                                                                        MD5:58967A69295A833A93B30E1A3D03C333
                                                                                                                                                                                                                                                                        SHA1:B0F984616A3EB0856284D6F5C98415510FB55E7F
                                                                                                                                                                                                                                                                        SHA-256:3278F339F9A3964D92C1BEF5C4E0A300C9C68587CDDA0F7A82B34FD73B95B409
                                                                                                                                                                                                                                                                        SHA-512:B1FA11ADB2DEBB9F5595DE056985BD39F9DF5A4F925DCDCFEB24A2BC500376C17FF42BF0644BD158D91C38CDD806C3AF7F2E22D041398EE092FE1C776FF86B85
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 32 x 80, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1603
                                                                                                                                                                                                                                                                        Entropy (8bit):7.766393035061922
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:tOvzUQQyWWYpwUbDBHeNAbVp42j5dMa5H:tWU/yWWYjbDBf4Cv7h
                                                                                                                                                                                                                                                                        MD5:F6264DDCEA613DC98D253BCB9B1FE484
                                                                                                                                                                                                                                                                        SHA1:FB85C887F5EF5440FE9837D7A8E578DBDE4DDB8B
                                                                                                                                                                                                                                                                        SHA-256:283DD43C10FF331011938D962F9B49C4D85D92AC044DC779A9EAE38640FD62DE
                                                                                                                                                                                                                                                                        SHA-512:CE052311662DBBF39D86963F0ACAA42713735101F15A16839584E1D6EACFB5FDA68381EDCB52F226A14D0B217B95FA4D5AD44186CF4A02830C52EE74CA617F42
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 28 x 35, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):429
                                                                                                                                                                                                                                                                        Entropy (8bit):6.854308103958898
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:6v/7I7PI/kFxNu/V0T0fCKBKkJCPbK1lwEcJz:7PlPoBKaCTK1rcJz
                                                                                                                                                                                                                                                                        MD5:835A1AC950006E5E0CB1F296BEA85DB0
                                                                                                                                                                                                                                                                        SHA1:D07388741EED5F29C83802519FC7DB7FE86E8163
                                                                                                                                                                                                                                                                        SHA-256:C448D3B58A8336780D31CF73F87EA2805B5786A7DB985A48C3B3EE4B4BC4E2C0
                                                                                                                                                                                                                                                                        SHA-512:5F5EBA5A8EAACBE02A3C01D9E689AB169EAFF9F1C09F0DDB289E92287A809089E72D8ED5E2FDBC16476AB64B66ACB799D4F75B5929A2D08543E8DA5A407ADBA6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 178 x 111, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):5886
                                                                                                                                                                                                                                                                        Entropy (8bit):7.9428678398148485
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:9fJTvp2iAJf329FCfsjYsvEG56SyjfEa186J70Lhvxg+NVE:9dvpPA129FC0WSyj06t0LNx3NVE
                                                                                                                                                                                                                                                                        MD5:5CFF22E5655D267B559261C37A423871
                                                                                                                                                                                                                                                                        SHA1:B60AE22DFD7843DD1522663A3F46B3E505744B0F
                                                                                                                                                                                                                                                                        SHA-256:A8D8227B8E97A713E0F1F5DB5286B3DB786B7148C1C8EB3D4BBFE683DC940DB9
                                                                                                                                                                                                                                                                        SHA-512:E00F5B4A7FA1989382DF800D168871530917FCD99EFCFE4418EF1B7E8473CAEA015F0B252CAC6A982BE93B5D873F4E9ACDB460C8E03AE1C6EEA9C37F84105E50
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 67 x 62, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):652
                                                                                                                                                                                                                                                                        Entropy (8bit):7.426141389563401
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:6v/7mDiFdklN0XVdLVd4tdOEMM018x56ps6zEL1J1lx70xbHYsAZhrljEXJ:DUklNmVdLV+dMM018ys5L15N0xLYhZBm
                                                                                                                                                                                                                                                                        MD5:BE0368A2650AAFCA0B6935E959BFF614
                                                                                                                                                                                                                                                                        SHA1:E55B9E3B7B49B04864E2254075385BACB25ACD12
                                                                                                                                                                                                                                                                        SHA-256:AED337C318176A195EC44E9ACC1D30FB1CC8154FF31F0ACB36DCC57867C50F20
                                                                                                                                                                                                                                                                        SHA-512:59E81D1EA29321E9BDA950188BBC4B531105B8907757EE7BCB1117724CB321F452D7930800D5E789A9BB9A4E38F1EED84E893123D8277196DA7B04CCDD4E6C64
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 67 x 62, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):619
                                                                                                                                                                                                                                                                        Entropy (8bit):7.419166205831757
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:6v/7mDiFdr85Wibc7ez5jD2rSafCbOSVZ/jUHxyZCPpIV7RFvIdhR:DUvibcKztD2rnCqSDgQZApMdFvIdD
                                                                                                                                                                                                                                                                        MD5:C9A2D0DC2F22EC069650A82E64CEBB71
                                                                                                                                                                                                                                                                        SHA1:4FCC6F1A04A19B75E64A84943135DACF68488E2F
                                                                                                                                                                                                                                                                        SHA-256:9EA075327886EA4157DF25A64D9402EC6ACBEF24EE06C1D5DA3AEF96197F26EC
                                                                                                                                                                                                                                                                        SHA-512:356299EE44CFA760098AF2CB1EDEF250A5DEC285C0338B49A7F37B9B2D661353C4C356FD1FBE586A0C3844A665FE9B1C2DA38C735B6ED26DDCADA68772E47744
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 19 x 29, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):505
                                                                                                                                                                                                                                                                        Entropy (8bit):7.311302195073986
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:6v/7CxmVcG25JcQqCKNaPzPmsI+BRBN3TMj2QQ:5oVDW2+BV37h
                                                                                                                                                                                                                                                                        MD5:8A33D6B05882AB755DFC9EE9C30526E1
                                                                                                                                                                                                                                                                        SHA1:FCFF4675AAE6CA1DD1AC67276779E023F33BC7FF
                                                                                                                                                                                                                                                                        SHA-256:234923BC14F06948F335599612BAE4E7CC422A8F6B8C0DEE34612618874A4149
                                                                                                                                                                                                                                                                        SHA-512:3FD3A3827DFD409B37FEE63547527A778AF589895D8136279FB3C4940EFB166017951FE5B0E30BCA95D19E57FD63DB38C6D21CF439084492FBC1287820260207
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 19 x 29, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):504
                                                                                                                                                                                                                                                                        Entropy (8bit):7.275571489523102
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:6v/7CxvhbFNUklTDVkB8TFMMOdlKKyYxAPG7AfGA4xCrx8Xv:55JN76B8TC5dlKKj7AeAif
                                                                                                                                                                                                                                                                        MD5:921DB78A66A3136C5866505D07BB29DD
                                                                                                                                                                                                                                                                        SHA1:B2E64DBE7E6DD9CDFA1590C8E4921796AAC81E7C
                                                                                                                                                                                                                                                                        SHA-256:62CCDA5C25930E2828891D7278A204DE4D3F35A2C6DA8CA029E9F859E34C4ABC
                                                                                                                                                                                                                                                                        SHA-512:A0B25C167E3DA1C2992473BDA15D7D10FAC0728421DD2CE27C165B8DB895E7CC349728382437D8F46EB38F0B36594DD0B3F3DC5912CF6FEF6FAB66D919F7CCFE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 19 x 29, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):527
                                                                                                                                                                                                                                                                        Entropy (8bit):7.318123094870197
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:6v/7CxqPIQ2+gvx+GZgCqWeJImCZx93IKOncOD:58DM4CJqWeizhZCcOD
                                                                                                                                                                                                                                                                        MD5:2D9E64B327D7DA0985A12E7E0A5425F4
                                                                                                                                                                                                                                                                        SHA1:00C63CA44D76210664A3FAD141E15A9A5A41720C
                                                                                                                                                                                                                                                                        SHA-256:D6B4699B0F3F69472163785DD20592C8BBB45FFF3843CB75D09CA9AF8AF66CB8
                                                                                                                                                                                                                                                                        SHA-512:27AFC9ACEC960911193EC1F3E939C5594DB0D0EA40A3590BBC9F24F0A51B1B5391696F9FC66042F2A475F539D7709EB04CEAE8A6741B58A8AE7F076C6D681A4B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):131480
                                                                                                                                                                                                                                                                        Entropy (8bit):6.84563405497219
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:jRXPVJPMo10+PfXl/IRTlsfQstLh66crJWeWyPCUpfrCWV13P1+CUOEvCvOEMI7:BdJPMlMb1g6e0dU9rf3P7UObvOja
                                                                                                                                                                                                                                                                        MD5:43DAC1F3CA6B48263029B348111E3255
                                                                                                                                                                                                                                                                        SHA1:9E399FDDC2A256292A07B5C3A16B1C8BDD8DA5C1
                                                                                                                                                                                                                                                                        SHA-256:148F12445F11A50EFBD23509139BF06A47D453E8514733B5A15868D10CC6E066
                                                                                                                                                                                                                                                                        SHA-512:6E77A429923B503FC08895995EB8817E36145169C2937DACC2DA92B846F45101846E98191AEB4F0F2F13FFF05D0836AA658F505A04208188278718166C5E3032
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):144280
                                                                                                                                                                                                                                                                        Entropy (8bit):6.553148474736184
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:Kd3u82FbW5v1B9omLKfBbYWFhFCsfa5z8saPFZ1sL3OD1Ow:Kd+NFbWUMKfBTjFxfa5a1y4N
                                                                                                                                                                                                                                                                        MD5:0DAF9F07847CCEB0F0760BF5D770B8C1
                                                                                                                                                                                                                                                                        SHA1:992CC461F67ACEA58A866A78B6EEFB0CBCC3AAA1
                                                                                                                                                                                                                                                                        SHA-256:A2AC2BA27B0ED9ACC3F0EA1BEF9909A59169BC2EB16C979EF8E736A784BF2FA4
                                                                                                                                                                                                                                                                        SHA-512:B4DDA28721DE88A372AF39D4DFBA6E612CE06CC443D6A6D636334865A9F8CA555591FB36D9829B54BC0FB27F486D4F216D50F68E1C2DF067439FE8EBBF203B6A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):140696
                                                                                                                                                                                                                                                                        Entropy (8bit):6.856834819192468
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:onOLYqoZQBD3m7bmVLcuVGpGXlWXQznQN8erRxQEmsYOT1GlERbo3iV8n/7DkCWy:o4YqoZNHi7VBAXvXMZ7ll3iyn3WOR3Oc
                                                                                                                                                                                                                                                                        MD5:42E2BF4210F8126E3D655218BD2AF2E4
                                                                                                                                                                                                                                                                        SHA1:78EFCB9138EB0C800451CF2BCC10E92A3ADF5B72
                                                                                                                                                                                                                                                                        SHA-256:1E30126BADFFFB231A605C6764DD98895208779EF440EA20015AB560263DD288
                                                                                                                                                                                                                                                                        SHA-512:C985988D0832CE26337F774B160AC369F2957C306A1D82FBBFFE87D9062AE5F3AF3C1209768CD574182669CD4495DBA26B6F1388814C0724A7812218B0B8DC74
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):149912
                                                                                                                                                                                                                                                                        Entropy (8bit):6.586184520889439
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:/20T06lYodB6ZcnHgSFulvfV0tYP/ipaQ8PFRBIiOBNOW:1Y6bdB6uHgSwtfV0+P/is1BIpD
                                                                                                                                                                                                                                                                        MD5:0EAAC872AADC457C87EE995BBF45A9C1
                                                                                                                                                                                                                                                                        SHA1:5E9E9B98F40424AD5397FC73C13B882D75499D27
                                                                                                                                                                                                                                                                        SHA-256:6F505CC5973687BBDA1C2D9AC8A635D333F57C12067C54DA7453D9448AB40B8F
                                                                                                                                                                                                                                                                        SHA-512:164D1E6EF537D44AC4C0FD90D3C708843A74AC2E08FA2B3F0FDD4A180401210847E0F7BB8EC3056F5DC1D5A54D3239C59FB37914CE7742A4C0EB81578657D24B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):127384
                                                                                                                                                                                                                                                                        Entropy (8bit):6.856313478886397
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:yq8Iw0TnMfrUEuKo+w/lT35oBqhSw3kmuqW3Crf0d3N1NsCeOEy6jCMpOEsC:yq8IdTMTyXUR2JJry3NreOnMpOu
                                                                                                                                                                                                                                                                        MD5:5F1A333671BF167730ED5F70C2C18008
                                                                                                                                                                                                                                                                        SHA1:C8233BBC6178BA646252C6566789B82A3296CAB5
                                                                                                                                                                                                                                                                        SHA-256:FD2A2B4FE4504C56347C35F24D566CC0510E81706175395D0A2BA26A013C4DAF
                                                                                                                                                                                                                                                                        SHA-512:6986D93E680B3776EB5700143FC35D60CA9DBBDF83498F8731C673F9FD77C8699A24A4849DB2A273AA991B8289E4D6C3142BBDE77E11F2FAF603DF43E8FEA105
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):140184
                                                                                                                                                                                                                                                                        Entropy (8bit):6.5832665674944435
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:6UoPePVhoZB34/UWFdQomnRepTPFn35eoONSO2:j8ZBvWrnmnR2Un+
                                                                                                                                                                                                                                                                        MD5:61BA5199C4E601FA6340E46BEF0DFF2D
                                                                                                                                                                                                                                                                        SHA1:7C1A51D6D75B001BA1ACDE2ACB0919B939B392C3
                                                                                                                                                                                                                                                                        SHA-256:8783F06F7B123E16042BB0AF91FF196B698D3CD2AA930E3EA97CFC553D9FC0F4
                                                                                                                                                                                                                                                                        SHA-512:8CE180A622A5788BB66C5F3A4ABFDE62C858E86962F29091E9C157753088DDC826C67C51FF26567BFE2B75737897F14E6BB17EC89F52B525F6577097F1647D31
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (520), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):215333
                                                                                                                                                                                                                                                                        Entropy (8bit):4.786182096058482
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:VcIxsXTXvMeRTWJANaOOwubWiSe65oCmL/+5y/McvJVNry++Ctso2NwVWy+cOcEV:JLSRgun
                                                                                                                                                                                                                                                                        MD5:924416232DF99AEF96A2D9E8125AFE78
                                                                                                                                                                                                                                                                        SHA1:7F29A338CEFA00BE5FCDC8B94C41FFC31EE625B9
                                                                                                                                                                                                                                                                        SHA-256:77C6D324F03A8429BCE858824CFFFCFB7A50D39616D2F9D2729910E086F5AD9A
                                                                                                                                                                                                                                                                        SHA-512:470C55E302C86353584EEABB3510B4EFF6353ED16F549DB7C155B2C8283216F2B413D77C9FE20A12F6F55A07C9BE24614DF3A8F5B2CABF1597010249239D63F5
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:List of CE specific functions and variables:....Global Variables:..TrainerOrigin : A variable that contains the path of the trainer that launched cheat engine (Only set when launched as a trainer)..process : A variable that contains the main modulename of the currently opened process..MainForm: The main ce gui..AddressList: The address list of the main ce gui......Global Functions:..getCEVersion(): Returns a floating point value specifying the version of cheat engine..getCheatEngineFileVersion(): Returns the full version data of the cheat engine version. A raw integer, and a table containing major, minor, release and build....getOperatingSystem(): Returns 0 if CE is running in Windows, 1 for Mac....darkMode(): Returns true if CE is running in windows Dark Mode. Has no effect on mac....activateProtection(): Prevents basic memory scanners from opening the cheat engine process (Not that useful)..enableDRM(altitude OPTIONAL, secondaryprocessid OPTIONAL ) : Prevents normal memory scanners f
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):309664
                                                                                                                                                                                                                                                                        Entropy (8bit):5.8237432164000404
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:TDwf7I4zq0ZDVQ5uIqp5rkenPajp80Gc5:T0f7Bz/G5uImQaPajp3
                                                                                                                                                                                                                                                                        MD5:59089C96334966EDFFC70BF4AE829910
                                                                                                                                                                                                                                                                        SHA1:8DC37D6F2364749D52DB1BCB9AD9FE30FB93930D
                                                                                                                                                                                                                                                                        SHA-256:49A55638C5A0F8112B89C45A24A2BCD102FF5DE2D22386649D7F6FFD283AF1FD
                                                                                                                                                                                                                                                                        SHA-512:3EDD411905298FDE78DF57B063B4B2000FA2D16F0E1A14E8940D4FBC2226C1CBA6925C47D3BECC10E76BBA9C5864CF671F5EF3B29CFA430823D0FA9BF9BBC3A9
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12807608
                                                                                                                                                                                                                                                                        Entropy (8bit):6.604078603198481
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:393216:ueBcnBaXXA3MnU+239JmqUKSw6knnbWUuMu25s8U:uis/c2GF
                                                                                                                                                                                                                                                                        MD5:5BE6A65F186CF219FA25BDD261616300
                                                                                                                                                                                                                                                                        SHA1:B5D5AE2477653ABD03B56D1C536C9A2A5C5F7487
                                                                                                                                                                                                                                                                        SHA-256:274E91A91A7A520F76C8E854DC42F96484AF2D69277312D861071BDE5A91991C
                                                                                                                                                                                                                                                                        SHA-512:69634D85F66127999EA4914A93B3B7C90BC8C8FAB1B458CFA6F21AB0216D1DACC50976354F7F010BB31C5873CC2D2C30B4A715397FB0E9E01A5233C2521E7716
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):132
                                                                                                                                                                                                                                                                        Entropy (8bit):6.551821770808043
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:SNjBeQx+FGOujzBAk+skvy2a4nfJKnBTa6C:+jkk+dsAk+Fzag+BTab
                                                                                                                                                                                                                                                                        MD5:ADAFB7CDCA51FC803718F25172652DD3
                                                                                                                                                                                                                                                                        SHA1:DD882B60A842B0992F478349898415A857934330
                                                                                                                                                                                                                                                                        SHA-256:B1B61B2570DBAF2747C4862B8429424514D300A7E14B5065C8BBB4B751179E7E
                                                                                                                                                                                                                                                                        SHA-512:D0B3D17F0F1EFB8F2F0BCAA1295AED08043F0218BCFA092A47D46308911EC4BC2441711CAB300B852DE3DBCED1C83536750B1A77A75EAE5C8CBF95991AA88714
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):16708024
                                                                                                                                                                                                                                                                        Entropy (8bit):6.11289505731243
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:196608:H/KthjnNWKtC5bqOrXSFjmnIQGQCW/4PRtYRN3Ticx8cP:fKthjnNWKtC5bqOrXSjmnxGQaTdy8c
                                                                                                                                                                                                                                                                        MD5:910DE25BD63B5DA521FC0B598920C4EC
                                                                                                                                                                                                                                                                        SHA1:94A15930AAF99F12B349BE80924857673CDC8566
                                                                                                                                                                                                                                                                        SHA-256:8CAEF5000B57BCA014EF33E962DF4FCA21AEAD0664892724674619EF732440AD
                                                                                                                                                                                                                                                                        SHA-512:6FF910BB4912FEA1FA8FD91E47AE6348C8BF2EFF4F2F5F9EF646A775CA1ECFEF02C23F81BAF6FE2D0B0BDDA7617D91DF52E75DC6063E86EA0444B0538CBD4E6C
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):132
                                                                                                                                                                                                                                                                        Entropy (8bit):6.561254441246199
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:OP/KrtviZQl8kimG0bj/xeRBtjajKdp2tAdNQL6aj:8/XQl823j5eRBtOjK2tGNe6aj
                                                                                                                                                                                                                                                                        MD5:735EAEA06DAE6CD67680127419FBA366
                                                                                                                                                                                                                                                                        SHA1:A38126141A4266CDBA17B22CBC4588D88CCFCEB5
                                                                                                                                                                                                                                                                        SHA-256:5A2D3E0F10E3701DFB251C3F270B00493CEAD1C3D1CEB34FF976D70C57DC1B58
                                                                                                                                                                                                                                                                        SHA-512:92374BDC99BDDDCC2A8B74049B9FF1623EE03B505BA2607E31301F95F2DF8EF3513ECAD4491E2B6B61934F64816E3E9AD3FA3B0914E96D6E55A4B4DF4ED5E028
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):16718264
                                                                                                                                                                                                                                                                        Entropy (8bit):6.110071636301838
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:393216:sjcp4nsiRMX7ZbqE14ImAfltGYav/HX8h:bbqE1RmLvvY
                                                                                                                                                                                                                                                                        MD5:EDEEF697CBF212B5ECFCD9C1D9A8803D
                                                                                                                                                                                                                                                                        SHA1:E90585899AE4B4385A6D0BF43C516C122E7883E2
                                                                                                                                                                                                                                                                        SHA-256:AC9BCC7813C0063BDCD36D8E4E79A59B22F6E95C2D74C65A4249C7D5319AE3F6
                                                                                                                                                                                                                                                                        SHA-512:1AAA8FC2F9FAFECBE88ABF07FBC97DC03A7C68CC1D870513E921BF3CAEAA97128583293BF5078A69AECBB93BF1E531605B36BD756984DB8D703784627D1877D1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):132
                                                                                                                                                                                                                                                                        Entropy (8bit):6.608714005689305
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:/toxN4m4GbUss7S2tY1wnwi9DU4liplagVMlWqOUFgaUSR708:Lm4GbnkSHunwlaiplNmlVOUaar08
                                                                                                                                                                                                                                                                        MD5:FE5E5B8B50F441DD772BFA1996AC744E
                                                                                                                                                                                                                                                                        SHA1:11D00533ADE98E94C7C6609F4E4B002A94CB440C
                                                                                                                                                                                                                                                                        SHA-256:A769BC72C97106722BF5CE8D76AFDC3EC54FC38931872B0637D8B7A281FFFE22
                                                                                                                                                                                                                                                                        SHA-512:559FB92A2C58B84AC1CDA6115AA175B0285EA98903EB1F6C91E3A0ECF39F6D667711F97D0EFF8CD98BA25256EC7B339E38D892A90186DB482587E1A80462A6EB
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):109568
                                                                                                                                                                                                                                                                        Entropy (8bit):6.474745502920158
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:3jVqSAqTNsYdNB3XT8le/lqWG3v0ESpz7cv+qsWjcd4JJ:3jgYd3T88Up/0wu+J
                                                                                                                                                                                                                                                                        MD5:B0A3CB1FC2B5195842E8BF12FD9B87F4
                                                                                                                                                                                                                                                                        SHA1:EDC423C35A48EFFC139A224C10D1EDDE42B31BCE
                                                                                                                                                                                                                                                                        SHA-256:D39677CF84E33E4A55494D0AB4873B9F3BE16F83AD381B72B14D6C62CEF71518
                                                                                                                                                                                                                                                                        SHA-512:B93B073021DD63E4383CC2370D003CA058236A3E0860E034515EA894F6995B0ED4F198CB471CB2A5E0BF4330A4D84FBDA254C5A6F367781CD4A47B9C16D9371D
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):109568
                                                                                                                                                                                                                                                                        Entropy (8bit):6.474745502920158
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:3jVqSAqTNsYdNB3XT8le/lqWG3v0ESpz7cv+qsWjcd4JJ:3jgYd3T88Up/0wu+J
                                                                                                                                                                                                                                                                        MD5:B0A3CB1FC2B5195842E8BF12FD9B87F4
                                                                                                                                                                                                                                                                        SHA1:EDC423C35A48EFFC139A224C10D1EDDE42B31BCE
                                                                                                                                                                                                                                                                        SHA-256:D39677CF84E33E4A55494D0AB4873B9F3BE16F83AD381B72B14D6C62CEF71518
                                                                                                                                                                                                                                                                        SHA-512:B93B073021DD63E4383CC2370D003CA058236A3E0860E034515EA894F6995B0ED4F198CB471CB2A5E0BF4330A4D84FBDA254C5A6F367781CD4A47B9C16D9371D
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):128000
                                                                                                                                                                                                                                                                        Entropy (8bit):6.022352271630432
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:BzlRkrowTiYa0u6lQUf3V/4MSfayysXZzjGRobJy:BRylTHa+/yMByyupY
                                                                                                                                                                                                                                                                        MD5:5E8AD34FF069B6A2E1AE00BDFE96B612
                                                                                                                                                                                                                                                                        SHA1:3C83AA3EBD95D9A060ED1F06E236E046C6CD93A7
                                                                                                                                                                                                                                                                        SHA-256:4EE8D3375F2EEB8E5AFB230D13C2CF9EE0379B0EDFA76AD8DBF5EBC686A629C1
                                                                                                                                                                                                                                                                        SHA-512:54404199C3B5B3597DC8FB5A6E3C6772F2729045AA5C9AEE648C4306358481DEF2BC15538899AB5E0F5E33D202CEC863348830A090B144E00D1662CCF4175828
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):128000
                                                                                                                                                                                                                                                                        Entropy (8bit):6.022352271630432
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:BzlRkrowTiYa0u6lQUf3V/4MSfayysXZzjGRobJy:BRylTHa+/yMByyupY
                                                                                                                                                                                                                                                                        MD5:5E8AD34FF069B6A2E1AE00BDFE96B612
                                                                                                                                                                                                                                                                        SHA1:3C83AA3EBD95D9A060ED1F06E236E046C6CD93A7
                                                                                                                                                                                                                                                                        SHA-256:4EE8D3375F2EEB8E5AFB230D13C2CF9EE0379B0EDFA76AD8DBF5EBC686A629C1
                                                                                                                                                                                                                                                                        SHA-512:54404199C3B5B3597DC8FB5A6E3C6772F2729045AA5C9AEE648C4306358481DEF2BC15538899AB5E0F5E33D202CEC863348830A090B144E00D1662CCF4175828
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1882
                                                                                                                                                                                                                                                                        Entropy (8bit):4.658116184932645
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:60wIlJhxWXs/2h8OjrGCLyO7OjO6NsVhVyQk7FUBL9HuTsx0refVS+IsZZsznGd2:HTP8gE8OvnKy6NsVu7FYLswlW/
                                                                                                                                                                                                                                                                        MD5:CC0F8B66BFEDC67DA8DBB2A7DF2AA006
                                                                                                                                                                                                                                                                        SHA1:C6D86CC43A042581E389DC9A28AFFDDF64294AC8
                                                                                                                                                                                                                                                                        SHA-256:CDDD0F35F7351E6F19486CCD7EEE5D31F0134C5C3554A12C7D51131DDE8E29CD
                                                                                                                                                                                                                                                                        SHA-512:A4AEC40AC6BEA2ADACF15829AEEEBE66117473A542303024669A828710C6AFD072C0F4890A6A334B35AC894A1A80A5BDD5E91A6FFCB7149540E304117A7E5800
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#write down modulenames that are commonly used by games..#this decreases the number of wrong results in various types of memory inspection....1911.dll..speedtreert.dll..visionengineplugin.vplugin..vision90.dll..vbase90.dll..nvscpapi.dll..physxcore.dll #nvidia physx..nxcooking.dll..physxloader.dll..physxextensions.dll..cudart.dll..openal32.dll..vorbisfile.dll..ogg.dll..vorbis.dll..vorbisenc.dll..vorbisfile.dll..binkw32.dll..bink2w64.dll..iconv.dll..gameoverlayrenderer.dll #steam..steam_api.dll..steam_api64.dll..steamclient.dll..steamclient64.dll..tier0_s.dll..vstdlib_s.dll..steam.dll..steam2.dll..mss32.dll..dbghelp.dll..umbra.dll..unrar.dll....#CE dll's..cehook.dll..allochook.dll..allochook-x86_64.dll..allochook-i386.dll..vehdebug-i386.dll..vehdebug-x86_64.dll..speedhack-i386.dll..speedhack-x86_64.dll..luaclient-i386.dll..luaclient-x86_64.dll..d3dhook.dll..d3dhook64.dll..ced3d9hook.dll..ced3d9hook64.dll..ced3d10hook.dll..ced3d10hook64.dll..ced3d11hook.dll..ced3d11hook64.dll..luaclient-
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):122776
                                                                                                                                                                                                                                                                        Entropy (8bit):6.859839225631497
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:QyfNvGKKZVGcuasOKQBBTff07PSZHCSVKOCDCA32XQaOCKnOEPChMOE6:lNvG7vGcIiBTMS18RD7325YO/hMOr
                                                                                                                                                                                                                                                                        MD5:2A2EBE526ACE7EEA5D58E416783D9087
                                                                                                                                                                                                                                                                        SHA1:5DABE0F7586F351ADDC8AFC5585EE9F70C99E6C4
                                                                                                                                                                                                                                                                        SHA-256:E2A7DF4C380667431F4443D5E5FC43964B76C8FCB9CF4C7DB921C4140B225B42
                                                                                                                                                                                                                                                                        SHA-512:94ED0038068ABDDD108F880DF23422E21F9808CE04A0D14299AACC5D573521F52626C0C2752B314CDA976F64DE52C4D5BCAC0158B37D43AFB9BC345F31FDBBC0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):135064
                                                                                                                                                                                                                                                                        Entropy (8bit):6.612681349758152
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:ZGrrgbU27p/nFdpF/vwFLUjh2v5VjObfSVMPFtE8PdYO3kOc:crk3ZFdpRYUjh2verh6
                                                                                                                                                                                                                                                                        MD5:2AF7AFE35AB4825E58F43434F5AE9A0F
                                                                                                                                                                                                                                                                        SHA1:B67C51CAD09B236AE859A77D0807669283D6342F
                                                                                                                                                                                                                                                                        SHA-256:7D82694094C1BBC586E554FA87A4B1ED6EBC9EB14902FD429824DCD501339722
                                                                                                                                                                                                                                                                        SHA-512:23B7C6DB0CB9C918AD9F28FA0E4E683C7E2495E89A136B75B7E1BE6380591DA61B6FB4F7248191F28FD3D80C4A391744A96434B4AB96B9531B5EBB0EC970B9D0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):46468
                                                                                                                                                                                                                                                                        Entropy (8bit):7.994038510231404
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:768:knKJWrjSpYCoxMO0HqzZuCxbSbONOirgFENxbWUYfQsQB/ju9x0QhS5d7uuNMRgH:knKJorQO0KcFigi841WUYfQhju9x0OcF
                                                                                                                                                                                                                                                                        MD5:715D61B9BCC484E271775F36865A4CDE
                                                                                                                                                                                                                                                                        SHA1:8AE158AEF6F6005AA3D6E6F8A09A05FD95551784
                                                                                                                                                                                                                                                                        SHA-256:C4B5797588C80520745732B96D7C6681F8420BDF55E426C40B852E56E5630124
                                                                                                                                                                                                                                                                        SHA-512:5C8E462FA504AC91D928617C74E287B598CE326A323C8A05533D4245D018A4A4CC354D05A0568785E7642D8CF779805950D70FE167C456B2D15F8901D714C037
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):55173
                                                                                                                                                                                                                                                                        Entropy (8bit):7.995644990698608
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:1536:aPQbr8Hv6jZwnB8K5vHTcM2b9+lmFD/cEt1kbD5F:Tbr8Hv6ji75vHTx9kD/cquP
                                                                                                                                                                                                                                                                        MD5:3885F7AF9007DF5A9874E61EDBB45F58
                                                                                                                                                                                                                                                                        SHA1:F7A7719E5A9036604CC64922FF2DC4FD40D253DD
                                                                                                                                                                                                                                                                        SHA-256:52EAA08C57AA0BA9737ED4413786DAB747DF4C692F34BF601D4FB0B37F231D08
                                                                                                                                                                                                                                                                        SHA-512:CAFF16F4171D205A1B44B18651FBA7B72D33F7FDD657C5EBA44853B26929B3F48749D9C5B07F158EA903D41C09A905D27D0A4E3D7B6228550B8C255FC64D5A3D
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12502
                                                                                                                                                                                                                                                                        Entropy (8bit):5.40558493486102
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:0egHuderGTd4G9mSZk/8fdtINfbLmJFcSC5xm+9qh07EBS5pekFrLUK80u9ETxst:AHuderlSZk/8FtIF4umMqEpDg3fT
                                                                                                                                                                                                                                                                        MD5:62E1FA241D417668F7C5DA6E4009A5A6
                                                                                                                                                                                                                                                                        SHA1:F887409E3C204A87731F317A999DC7E4CC8D3FCD
                                                                                                                                                                                                                                                                        SHA-256:82E8EF7DF20A86791CEF062F2DCACB1D91B4ADC9F5DEA2FD274886BE8365B2F8
                                                                                                                                                                                                                                                                        SHA-512:2283CBB9E1D5D53AD1ED9BC9DB6034FB3C53C633B11001F373523640BBBBA95DA9A3A0866C7D5FA0620FACAB7D18C8577DFD69496FC7319E0A4A74D0B9E10C45
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--Defines:....--checkbox state defines..cbUnchecked=0..cbChecked=1..cbGrayed=2......--onMouseEvent button defines:..mbLeft=0..mbRight=1..mbMiddle=2..mbExtra1=3..mbExtra2=4......--memo scrollbar defines..ssNone=0..ssHorizontal=1..ssVertical=2..ssBoth=3..ssAutoHorizontal=4..ssAutoVertical=5..ssAutoBoth=6......bsNone=0..bsSingle=1..bsSizeable=2..bsDialog=3..bsToolWindow=4..bsSizeToolWin=5........--scan types: (fast scan methods)..fsmNotAligned=0..fsmAligned=1..fsmLastDigits=2....--rounding types..rtRounded=0..rtExtremerounded=1..rtTruncated=2....--scan options..soUnknownValue=0..soExactValue=1..soValueBetween=2..soBiggerThan=3..soSmallerThan=4..soIncreasedValue=5..soIncreasedValueBy=6..soDecreasedValue=7..soDecreasedValueBy=8..soChanged=9..soUnchanged=10......--debug variables..--Breakpoint methods:..bpmInt3=0..bpmDebugRegister=1..bpmException=2......--Breakpoint triggers:..bptExecute=0..bptAccess=1..bptWrite=2....--breakpoint continue methods:..co_run=0..co_stepinto=1..co_stepover=2....-
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):104
                                                                                                                                                                                                                                                                        Entropy (8bit):4.292808527787486
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:VSPAiQ7UeSaClo+tHEu3jdXgOYsO:Vr7Ueyl4u3jdQOS
                                                                                                                                                                                                                                                                        MD5:A2E60A2F01F69D0DA415C58F25C37E5B
                                                                                                                                                                                                                                                                        SHA1:FA1A0D6183FEE10DE5FA4C554370556217E3AF26
                                                                                                                                                                                                                                                                        SHA-256:DC9354CCF9667D1E5CA13D6468BA2C258256042D7C25E6D91ADE7F8E2A2FF3BF
                                                                                                                                                                                                                                                                        SHA-512:CE7F5F8365D2EF3DA14D4123CC7EF053A7F99E8F98D47E6C5967F267B8EC7FDAC2DA993D0FC26DF8EB2FACE176BA56B7359BA1F29F021E1DFDD561B15EFE64AF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#Enter modulenames you do not wish to trace..#kernel32.dll #example. comment out to ignore kernel32.dll
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3208608
                                                                                                                                                                                                                                                                        Entropy (8bit):6.4378051911330445
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:49152:itwSHCeicAlYJhPx7Ur4+Kn8KTqeUrncXbvTCeVxkg8vL5V2zRkit6bch6WuDgR1:itwAf64swnNmnfsR3ccJkKSib
                                                                                                                                                                                                                                                                        MD5:0D4BDC37F5031A827B2877770974FE49
                                                                                                                                                                                                                                                                        SHA1:7D7D63F1CC49FB94D2FD59AF8A0BA89966CE0E07
                                                                                                                                                                                                                                                                        SHA-256:F3C536EC5307D71260FA5D6D70AC56A20A00DBC3FB785E0DEB4EF0F7DC66FC2E
                                                                                                                                                                                                                                                                        SHA-512:D1FAF9BCF6BBF6E458780F4D913BA600A5F987FF33BE8D24A1165F5BFA925B2D1DFFDAA6E666712D09D58478174BC2956877A4A60376F7773D1E818BB38A23E1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........................d...D....-.......0....@..........................@1.......1.......................................-...... ................0..k..................................P0......................8.-.\............................text............................... ..`.data...d....0......................@....rdata...=... %..>....%.............@..@.bss....D....`-..........................CRT..........-......F-.............@....idata.../....-..0...H-.............@....rsrc........ .......x-.............@...........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4210080
                                                                                                                                                                                                                                                                        Entropy (8bit):6.041283402178925
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:49152:aMiOO5AqojVbq2s2Kyvzq/9E3piKR+77v5WiESldKtyQ6WuDgRPOjgy+OSijV:aMiOOaBbq2VVvnlykESip
                                                                                                                                                                                                                                                                        MD5:AEC662CEAE2C4D5ABAEEEE084D828582
                                                                                                                                                                                                                                                                        SHA1:A57CEB95E3FD3F8E8C59C0B7E913E2681B64751D
                                                                                                                                                                                                                                                                        SHA-256:2DD35A044D1291D593F1DA15C40FD124DA3E4D52D0D045EC61465B725E58079D
                                                                                                                                                                                                                                                                        SHA-512:FF28EB79795A6D4AD97A5C79CEB5314208C616BE7CC9196622B9BB2AB8149C6CAA166EED6165923DC8FA253A400422CBEE9E061E72DCF61CE66C700D1451AE7A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................./.......#..m......-........................................@...... A......................................................@=.......=......0:.Ta....?..k..................................p.$.(....................O=..............................text.....#.......#................. ..`.data....m....$..n....#.............@....rdata.......p*......b*.............@..@.pdata..Ta...0:..b....:.............@..@.bss.........<..........................CRT.........0=......~<.............@....idata..@>...@=..@....<.............@....rsrc.........=.......<.............@...................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3865
                                                                                                                                                                                                                                                                        Entropy (8bit):5.239566441223487
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:aOgQsLqPQLHbXTN6oYsNhd6vgAwFQCbTprO5BPPTeraG9n0WP/zgSRQh:aOgQO3hdE8KBPPTrGHU5
                                                                                                                                                                                                                                                                        MD5:DC2829239704CDD5A5109699666FA573
                                                                                                                                                                                                                                                                        SHA1:60C09E102F552444D59ED9ED474E667136C16DC0
                                                                                                                                                                                                                                                                        SHA-256:AB4BE7D34E7FA0E722F0948E0C90AD4D95B8A1EC649C2F186DFA387B57BE7833
                                                                                                                                                                                                                                                                        SHA-512:F3551AEF2A0FFE42A16F1A8BE26B2C2722E773A59D21B60B2454AB0B68B008402623F378D2AFAA30FEBA87F560475A52D2899E6D062BD7F88E22119B25231F17
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/*. * _mingw.h. *. * This file is for TinyCC and not part of the Mingw32 package.. *. * THIS SOFTWARE IS NOT COPYRIGHTED. *. * This source code is offered for use in the public domain. You may. * use, modify or distribute it freely.. *. * This code is distributed in the hope that it will be useful but. * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY. * DISCLAIMED. This includes but is not limited to warranties of. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.. *. */..#ifndef __MINGW_H.#define __MINGW_H../* some winapi files define these before including _mingw.h --> */.#undef __cdecl.#undef _X86_.#undef WIN32./* <-- */..#include <stddef.h>.#include <stdarg.h>..#define __int8 char.#define __int16 short.#define __int32 int.#define __int64 long long.#define _HAVE_INT64..#define __cdecl.#define __declspec(x) __attribute__((x)).#define __unaligned __attribute__((packed)).#define __fastcall __attribute__((fastcall))..#define __MSVCRT__ 1.#undef _MSVCRT_
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1439
                                                                                                                                                                                                                                                                        Entropy (8bit):5.2295620824781714
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:i2PSh0PDaGduHH7PPW3ep0m3Vp0GrHt+5p0CKpmucLNw/HHsuHfgpbrRD:GRdm3emm3Vm+HOmCKmC1fgdp
                                                                                                                                                                                                                                                                        MD5:9C022D741996DB6D32411BFEF4EADB41
                                                                                                                                                                                                                                                                        SHA1:4BA93D77927EB8CFDCFE07F56D6EDADE180AF1DD
                                                                                                                                                                                                                                                                        SHA-256:3AB7EDEC5E55840C35BE252BAD52236955C3B4F9143810CDB1F09C34510EB8C4
                                                                                                                                                                                                                                                                        SHA-512:E448608BFECB770A087CB19934A1B45A5C564EA10BDF5A40BBB250F472830ECEE4990C669E90E495ECB5D4E48C3871CC2A33CE84F2D38524449FC9F5FD501DA0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef __ASSERT_H_.#define __ASSERT_H_..#include <_mingw.h>.#ifdef __cplusplus.#include <stdlib.h>.#endif..#ifdef NDEBUG.#ifndef assert.#define assert(_Expression) ((void)0).#endif.#else..#ifndef _CRT_TERMINATE_DEFINED.#define _CRT_TERMINATE_DEFINED. void __cdecl __MINGW_NOTHROW exit(int _Code) __MINGW_ATTRIB_NORETURN;. _CRTIMP void __cdecl __MINGW_NOTHROW _exit(int _Code) __MINGW_ATTRIB_NORETURN;.#if !defined __NO_ISOCEXT /* extern stub in static libmingwex.a */./* C99 function name */.void __cdecl _Exit(int) __MINGW_ATTRIB_NORETURN;.__CRT_INLINE __MINGW_ATTRIB_NORETURN void __cdecl _Exit(int status).{ _exit(status); }.#endif..#pragma push_macro("abort").#undef abort. void __cdecl __declspec(noreturn) abort(void);.#pragma pop_macro("abort")..#endif..#ifdef __cplusplus.ext
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):164
                                                                                                                                                                                                                                                                        Entropy (8bit):4.396200340591225
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:YRTvF08wB32DsxQGG+TSERKR9BeCTSERKRIHTSERKR7LsyodP1XGZovVOMD:oF08iGDsx9TSEIToCTSEIcTSEIVun4yJ
                                                                                                                                                                                                                                                                        MD5:623F15DB2D9075E9DE1E1E5217854933
                                                                                                                                                                                                                                                                        SHA1:247EBCAA4F74507EDC5E06E2382378561E67027E
                                                                                                                                                                                                                                                                        SHA-256:2C63CD52CD589A204C8E5F75B9179FD520BE1A0770A698303526BE4069613E3B
                                                                                                                                                                                                                                                                        SHA-512:34555DF799E9F54EFDFF3BE4498CF20565935A0D5A116D030475042E3BD1CEA9F949A8CC4D9DD5C320FD528879B6221CA70CA0B9068C1AC6381B55C4756D92C4
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#ifndef celib_h..#define celib_h....typedef struct _cecs..{.. volatile int locked;.. volatile int threadif;.. volatile int lockcount; ..} cecs, *Pcecs;....#endif
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):11130
                                                                                                                                                                                                                                                                        Entropy (8bit):4.886603456377803
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:R9IFnJJzpoJItwJ+Y31t1d1uF8sFX9B17lHLQWq4QcHyQA3sG1:XI4IJ2WzPw
                                                                                                                                                                                                                                                                        MD5:6A61E54AD2614BA528414C7B69147CAF
                                                                                                                                                                                                                                                                        SHA1:242479133484E15A2AF816D95DDB053835BF4C64
                                                                                                                                                                                                                                                                        SHA-256:DE7161F85835D98B38FE6A19EF8973DCAF58EC237B1C91CF05AC535B2FF3845F
                                                                                                                                                                                                                                                                        SHA-512:468702A606E20FFA893054F676C56DFE6EB3D28A002BAE143298422AB388A2F2F78E318714F5274BC9EBD243863F5228D5EBEAD5F31D892E96D8742C8E6846A1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_CONIO.#define _INC_CONIO..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP char *_cgets(char *_Buffer);. _CRTIMP int __cdecl _cprintf(const char *_Format,...);. _CRTIMP int __cdecl _cputs(const char *_Str);. _CRTIMP int __cdecl _cscanf(const char *_Format,...);. _CRTIMP int __cdecl _cscanf_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _getch(void);. _CRTIMP int __cdecl _getche(void);. _CRTIMP int __cdecl _vcprintf(const char *_Format,va_list _ArgList);. _CRTIMP int __cdecl _cprintf_p(const char *_Format,...);. _CRTIMP int __cdecl _vcprintf_p(const char *_Format,va_list _ArgList);. _CRTIMP int __cdecl _cprintf_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _vcprintf_l(const char *_Format,_loc
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9755
                                                                                                                                                                                                                                                                        Entropy (8bit):5.0535405224800884
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:aK0sBzLLoy8q3JHZDrs+UAt0g7WnBeaIlzjD:EALLb8ars+Flzf
                                                                                                                                                                                                                                                                        MD5:22E5A00491E32D15B40B196397AD01C1
                                                                                                                                                                                                                                                                        SHA1:B0DB6FCBF4ABD2F4FDEA2771399C1E502D9F8106
                                                                                                                                                                                                                                                                        SHA-256:4CFAAA43B3F7414984126E8B1CDF65F9DAC0EF68D9A3396BE0B8828376A74A6B
                                                                                                                                                                                                                                                                        SHA-512:28839104776441738233334A20DE6CE3ADA51179FB50366C27AB60432949FC78E1CCF735D2E80216F8779D84328634005C322D0010875E8FE0FF33D699ECC114
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_CTYPE.#define _INC_CTYPE..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WEOF.#define WEOF (wint_t)(0xFFFF).#endif..#ifndef _CRT_CTYPEDATA_DEFINED.#define _CRT_CTYPEDATA_DEFINED.#ifndef _CTYPE_DISABLE_MACROS..#ifndef __PCTYPE_FUNC.#define __PCTYPE_FUNC __pctype_func().#ifdef _MSVCRT_.#define __pctype_func().(_pctype).#else.#define __pctype_func().(*_imp___pctype).#endif.#endif..#ifndef _pctype.#ifdef _MSVCRT_. extern unsigned short *_pctype;.#else. extern unsigned short **_imp___pctype;.#define _pctype (*_imp___pctype).#endif.#endif..#endif.#endif..#ifndef _CRT_WCTYPEDATA_DEFINED.#define _CRT_WCTYPEDATA_DEFINED.#ifndef _CTYPE_DISABLE_MACROS.#ifndef _wctype.#ifdef _MSVCRT_. extern unsigned short *_wctype;.#else. extern unsigned short **_im
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):952
                                                                                                                                                                                                                                                                        Entropy (8bit):4.981227039868006
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:i2PSh0PDadJeDoxsClLEdPQq15Fo30wLwNOk60:GYo6XDQsLp
                                                                                                                                                                                                                                                                        MD5:EF5C7267DF270272BFA8F8EBD1B516F2
                                                                                                                                                                                                                                                                        SHA1:1E3F8A9AFD814EFA8CF7C88DC480E9914A5BC570
                                                                                                                                                                                                                                                                        SHA-256:84064B17E501D691C43D47E45B112C2884DB467417910B5FA1482B72342BADFB
                                                                                                                                                                                                                                                                        SHA-512:8CA2B0E08B66EAA843FC7AD0F8F4063450A469914819A637AA3F8CAC39DD38E32CC0403F2B04F767AE486934026585B56F93544C8A1F5D92CCE32CE84A4506F4
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./* . * dir.h. *. * This file OBSOLESCENT and only provided for backward compatibility.. * Please use io.h instead.. *. * This file is part of the Mingw32 package.. *. * Contributors:. * Created by Colin Peters <colin@bird.fu.is.saga-u.ac.jp>. * Mumit Khan <khan@xraylith.wisc.edu>. *. * THIS SOFTWARE IS NOT COPYRIGHTED. *. * This source code is offered for use in the public domain. You may. * use, modify or distribute it freely.. *. * This code is distributed in the hope that it will be useful but. * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY. * DISCLAIMED. This includes but is not limited to warranties of. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.. *. */..#include <io.h>..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1979
                                                                                                                                                                                                                                                                        Entropy (8bit):5.047752773488744
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:i2PSh0PDnZTwNe2FhqA7DiyX40E090m0c0/0vF7Gl0lF+yivXw0vZ0CZ0F2xFeHv:Gs6Z7aNA7bmwGOK0gZBZCQs
                                                                                                                                                                                                                                                                        MD5:83679DA78AAF8F8352ACB1883B9EF868
                                                                                                                                                                                                                                                                        SHA1:FD89079636571A93755120120AB4F03B91076478
                                                                                                                                                                                                                                                                        SHA-256:179C3204312D7CF8032102773629BCB3E5FFF792D1D808931CB6619A431D2435
                                                                                                                                                                                                                                                                        SHA-512:13AF1F2C118E898E6055CA61286C9766DF75366FF4F30708F613193CD8F89AFC4A4CC2FD31FC3AC6DCE5D577EE83E203F79ACA3B739D9D9E9E60B42CD9C7036E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_DIRECT.#define _INC_DIRECT..#include <_mingw.h>.#include <io.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _DISKFREE_T_DEFINED.#define _DISKFREE_T_DEFINED. struct _diskfree_t {. unsigned total_clusters;. unsigned avail_clusters;. unsigned sectors_per_cluster;. unsigned bytes_per_sector;. };.#endif.. _CRTIMP char *__cdecl _getcwd(char *_DstBuf,int _SizeInBytes);. _CRTIMP char *__cdecl _getdcwd(int _Drive,char *_DstBuf,int _SizeInBytes);. char *__cdecl _getdcwd_nolock(int _Drive,char *_DstBuf,int _SizeInBytes);. _CRTIMP int __cdecl _chdir(const char *_Path);. _CRTIMP int __cdecl _mkdir(const char *_Path);. _CRTIMP int __cdecl _rmdir(const char *_Path);. _CRTIMP int __cdecl _chdrive(int _Drive);. _CRTIMP in
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3339
                                                                                                                                                                                                                                                                        Entropy (8bit):4.737300914010111
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:GzyKQvcpqt7K7PnON+J3esAYUJ0q/nfB2Vt7K7qpdSVNsJ35sAYqJ0q/WaLcC:ayfv0ONgcKqvspkVNyh8q+UcC
                                                                                                                                                                                                                                                                        MD5:AFBE32EE6DED8CBAD33D6FE3FBBF077D
                                                                                                                                                                                                                                                                        SHA1:A7F0D3EDEE5F49E127575EB25E64E2747108E7C3
                                                                                                                                                                                                                                                                        SHA-256:88C1F767FDCD6D51B991EE3234792DA48C8576F5F8816F17A42344F9C8BBB1C1
                                                                                                                                                                                                                                                                        SHA-512:F655A40F8C87A0CB43A34AE47612D5CEF2CF7814FD2AE9CE1C8566F97F45E91470364BD87E8C12861CCE44FB8CCA54717546BAACC6CCBDACE51D0D15206304DD
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./* All the headers include this file. */.#include <_mingw.h>..#ifndef.__STRICT_ANSI__..#ifndef _DIRENT_H_.#define _DIRENT_H_...#pragma pack(push,_CRT_PACKING)..#include <io.h>..#ifndef RC_INVOKED..#ifdef __cplusplus.extern "C" {.#endif.. struct dirent. {. long..d_ino;../* Always zero. */. unsigned short.d_reclen;./* Always zero. */. unsigned short.d_namlen;./* Length of name in d_name. */. char*..d_name;../* File name. */. /* NOTE: The name in the dirent structure points to the name in the. * finddata_t structure in the DIR. */. };.. /*. * This is an internal data structure. Good programmers will not use it. * except as an argument to one of the functions below.. * dd_stat field is now int (was short in older versions).. */. typedef struct. {.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1090
                                                                                                                                                                                                                                                                        Entropy (8bit):5.185707945606799
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_DOS.#define _INC_DOS..#include <_mingw.h>.#include <io.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _DISKFREE_T_DEFINED.#define _DISKFREE_T_DEFINED.. struct _diskfree_t {. unsigned total_clusters;. unsigned avail_clusters;. unsigned sectors_per_cluster;. unsigned bytes_per_sector;. };.#endif..#define _A_NORMAL 0x00.#define _A_RDONLY 0x01.#define _A_HIDDEN 0x02.#define _A_SYSTEM 0x04.#define _A_SUBDIR 0x10.#define _A_ARCH 0x20..#ifndef _GETDISKFREE_DEFINED.#define _GETDISKFREE_DEFINED. _CRTIMP unsigned __cdecl _getdiskfree(unsigned _Drive,struct _diskfree_t *_DiskFree);.#endif..#if (defined(_X86_) && !defined(__x86_64)). void __cdecl _disable(void);. void __cdecl _enable(void);.#endif..#ifndef.NO_OLDNAMES.#de
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1410
                                                                                                                                                                                                                                                                        Entropy (8bit):5.11838654592129
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_ERRNO.#define _INC_ERRNO..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRT_ERRNO_DEFINED.#define _CRT_ERRNO_DEFINED. _CRTIMP extern int *__cdecl _errno(void);.#define errno (*_errno()).. errno_t __cdecl _set_errno(int _Value);. errno_t __cdecl _get_errno(int *_Value);.#endif..#define EPERM 1.#define ENOENT 2.#define ESRCH 3.#define EINTR 4.#define EIO 5.#define ENXIO 6.#define E2BIG 7.#define ENOEXEC 8.#define EBADF 9.#define ECHILD 10.#define EAGAIN 11.#define ENOMEM 12.#define EACCES 13.#define EFAULT 14.#define EBUSY 16.#define EEXIST 17.#define EXDEV 18.#define ENODEV 19.#define ENOTDIR 20.#define EISDIR 21.#define ENFILE 23.#define EMFILE 24.#define ENOTTY 25.#define EFBIG 27.#define ENOSPC 28.#define ESPIPE 29.#define EROFS 30.#de
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3796
                                                                                                                                                                                                                                                                        Entropy (8bit):5.3190944253059405
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_EXCPT.#define _INC_EXCPT..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif.. struct _EXCEPTION_POINTERS;..#ifndef EXCEPTION_DISPOSITION.#define EXCEPTION_DISPOSITION int.#endif.#define ExceptionContinueExecution 0.#define ExceptionContinueSearch 1.#define ExceptionNestedException 2.#define ExceptionCollidedUnwind 3..#if (defined(_X86_) && !defined(__x86_64)). struct _EXCEPTION_RECORD;. struct _CONTEXT;.. EXCEPTION_DISPOSITION __cdecl _except_handler(struct _EXCEPTION_RECORD *_ExceptionRecord,void *_EstablisherFrame,struct _CONTEXT *_ContextRecord,void *_DispatcherContext);.#elif defined(__ia64__).. typedef struct _EXCEPTION_POINTERS *Exception_info_ptr;. struct _EXCEPTION_RECORD;. struct _CONTEXT;. struct _DISP
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1269
                                                                                                                                                                                                                                                                        Entropy (8bit):5.067511244355359
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#include <_mingw.h>..#include <io.h>..#ifndef _INC_FCNTL.#define _INC_FCNTL..#define _O_RDONLY 0x0000.#define _O_WRONLY 0x0001.#define _O_RDWR 0x0002.#define _O_APPEND 0x0008.#define _O_CREAT 0x0100.#define _O_TRUNC 0x0200.#define _O_EXCL 0x0400.#define _O_TEXT 0x4000.#define _O_BINARY 0x8000.#define _O_WTEXT 0x10000.#define _O_U16TEXT 0x20000.#define _O_U8TEXT 0x40000.#define _O_ACCMODE (_O_RDONLY|_O_WRONLY|_O_RDWR)..#define _O_RAW _O_BINARY.#define _O_NOINHERIT 0x0080.#define _O_TEMPORARY 0x0040.#define _O_SHORT_LIVED 0x1000..#define _O_SEQUENTIAL 0x0020.#define _O_RANDOM 0x0010..#if !defined(NO_OLDNAMES) || defined(_POSIX).#define O_RDONLY _O_RDONLY.#define O_WRONLY _O_WRONLY.#define O_RDWR _O_RDWR.#define O_APPEND _O_APPEND.#define O_CREAT _O_CREAT.#define O_TRUNC _O_TRUNC
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3146
                                                                                                                                                                                                                                                                        Entropy (8bit):5.109358717547865
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _FENV_H_.#define _FENV_H_..#include <_mingw.h>../* FPU status word exception flags */.#define FE_INVALID.0x01.#define FE_DENORMAL.0x02.#define FE_DIVBYZERO.0x04.#define FE_OVERFLOW.0x08.#define FE_UNDERFLOW.0x10.#define FE_INEXACT.0x20.#define FE_ALL_EXCEPT (FE_INVALID | FE_DENORMAL | FE_DIVBYZERO \... | FE_OVERFLOW | FE_UNDERFLOW | FE_INEXACT)../* FPU control word rounding flags */.#define FE_TONEAREST.0x0000.#define FE_DOWNWARD.0x0400.#define FE_UPWARD.0x0800.#define FE_TOWARDZERO.0x0c00../* The MXCSR exception flags are the same as the. FE flags. */.#define __MXCSR_EXCEPT_FLAG_SHIFT 0../* How much to shift FE status word exception flags. to get MXCSR rounding flags, */.#define __MXCSR_ROUND_FLAG_SHIFT 3..#ifndef RC_INVOKED./*. For now, support only for t
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1374
                                                                                                                                                                                                                                                                        Entropy (8bit):5.161015521868813
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#ifndef _FLOAT_H_.#define _FLOAT_H_..#define FLT_RADIX 2../* IEEE float */.#define FLT_MANT_DIG 24.#define FLT_DIG 6.#define FLT_ROUNDS 1.#define FLT_EPSILON 1.19209290e-07F.#define FLT_MIN_EXP (-125).#define FLT_MIN 1.17549435e-38F.#define FLT_MIN_10_EXP (-37).#define FLT_MAX_EXP 128.#define FLT_MAX 3.40282347e+38F.#define FLT_MAX_10_EXP 38../* IEEE double */.#define DBL_MANT_DIG 53.#define DBL_DIG 15.#define DBL_EPSILON 2.2204460492503131e-16.#define DBL_MIN_EXP (-1021).#define DBL_MIN 2.2250738585072014e-308.#define DBL_MIN_10_EXP (-307).#define DBL_MAX_EXP 1024.#define DBL_MAX 1.7976931348623157e+308.#define DBL_MAX_10_EXP 308../* horrible intel long double */.#if defined __i386__ || defined __x86_64__..#define LDBL_MANT_DIG 64.#define LDBL_DIG 18.#define LDBL_EPSILON 1.08420217248550443401e-19L.#define LDBL_MIN_EXP (-16381).#define LDBL_MIN 3.36210314311209350626e-4932L.#define LDBL_MIN_10_EXP (-4931).#define LDBL_MAX_EXP 16384.#define LDBL_MAX 1.18973149535723176502e+4932L.#defin
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):6072
                                                                                                                                                                                                                                                                        Entropy (8bit):5.148919168403688
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./* 7.8 Format conversion of integer types <inttypes.h> */..#ifndef _INTTYPES_H_.#define _INTTYPES_H_..#include <_mingw.h>.#include <stdint.h>.#define __need_wchar_t.#include <stddef.h>..#ifdef.__cplusplus.extern."C".{.#endif..typedef struct {..intmax_t quot;..intmax_t rem;..} imaxdiv_t;..#if !defined(__cplusplus) || defined(__STDC_FORMAT_MACROS)../* 7.8.1 Macros for format specifiers. * . * MS runtime does not yet understand C9x standard "ll". * length specifier. It appears to treat "ll" as "l".. * The non-standard I64 length specifier causes warning in GCC,. * but understood by MS runtime functions.. */../* fprintf macros for signed types */.#define PRId8 "d".#define PRId16 "d".#define PRId32 "d".#define PRId64 "I64d"..#define PRIdLEAST8 "d".#define PRIdLEAST16 "d".#define PR
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):13067
                                                                                                                                                                                                                                                                        Entropy (8bit):5.032337228232408
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:./**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _IO_H_.#define _IO_H_..#include <_mingw.h>.#include <string.h>..#pragma pack(push,_CRT_PACKING)..#ifndef _POSIX_..#ifdef __cplusplus.extern "C" {.#endif.._CRTIMP char* __cdecl _getcwd (char*, int);.#ifndef _FSIZE_T_DEFINED. typedef unsigned long _fsize_t;.#define _FSIZE_T_DEFINED.#endif..#ifndef _FINDDATA_T_DEFINED.. struct _finddata32_t {. unsigned attrib;. __time32_t time_create;. __time32_t time_access;. __time32_t time_write;. _fsize_t size;. char name[260];. };../*#if _INTEGRAL_MAX_BITS >= 64*/.. struct _finddata32i64_t {. unsigned attrib;. __time32_t time_create;. __time32_t time_access;. __time32_t time_write;. __int64 size;. char name[260];. };.. struct _finddata64i32_t {. unsigned attrib;. __time64_t time_create
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):8590
                                                                                                                                                                                                                                                                        Entropy (8bit):4.845158903423087
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STRING.#define _INC_STRING..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _NLSCMP_DEFINED.#define _NLSCMP_DEFINED.#define _NLSCMPERROR 2147483647.#endif..#ifndef NULL.#ifdef __cplusplus.#define NULL 0.#else.#define NULL ((void *)0).#endif.#endif..#define _WConst_return _CONST_RETURN..#ifndef _CRT_MEMORY_DEFINED.#define _CRT_MEMORY_DEFINED. _CRTIMP void *__cdecl _memccpy(void *_Dst,const void *_Src,int _Val,size_t _MaxCount);. _CONST_RETURN void *__cdecl memchr(const void *_Buf ,int _Val,size_t _MaxCount);. _CRTIMP int __cdecl _memicmp(const void *_Buf1,const void *_Buf2,size_t _Size);. _CRTIMP int __cdecl _memicmp_l(const void *_Buf1,const void *_Buf2,size_t _Size,_locale_t _Locale);. int __cdecl memcmp(const void *_Buf1,const void *_Bu
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1979
                                                                                                                                                                                                                                                                        Entropy (8bit):5.047752773488744
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_DIRECT.#define _INC_DIRECT..#include <_mingw.h>.#include <io.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _DISKFREE_T_DEFINED.#define _DISKFREE_T_DEFINED. struct _diskfree_t {. unsigned total_clusters;. unsigned avail_clusters;. unsigned sectors_per_cluster;. unsigned bytes_per_sector;. };.#endif.. _CRTIMP char *__cdecl _getcwd(char *_DstBuf,int _SizeInBytes);. _CRTIMP char *__cdecl _getdcwd(int _Drive,char *_DstBuf,int _SizeInBytes);. char *__cdecl _getdcwd_nolock(int _Drive,char *_DstBuf,int _SizeInBytes);. _CRTIMP int __cdecl _chdir(const char *_Path);. _CRTIMP int __cdecl _mkdir(const char *_Path);. _CRTIMP int __cdecl _rmdir(const char *_Path);. _CRTIMP int __cdecl _chdrive(int _Drive);. _CRTIMP in
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1269
                                                                                                                                                                                                                                                                        Entropy (8bit):5.067511244355359
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#include <_mingw.h>..#include <io.h>..#ifndef _INC_FCNTL.#define _INC_FCNTL..#define _O_RDONLY 0x0000.#define _O_WRONLY 0x0001.#define _O_RDWR 0x0002.#define _O_APPEND 0x0008.#define _O_CREAT 0x0100.#define _O_TRUNC 0x0200.#define _O_EXCL 0x0400.#define _O_TEXT 0x4000.#define _O_BINARY 0x8000.#define _O_WTEXT 0x10000.#define _O_U16TEXT 0x20000.#define _O_U8TEXT 0x40000.#define _O_ACCMODE (_O_RDONLY|_O_WRONLY|_O_RDWR)..#define _O_RAW _O_BINARY.#define _O_NOINHERIT 0x0080.#define _O_TEMPORARY 0x0040.#define _O_SHORT_LIVED 0x1000..#define _O_SEQUENTIAL 0x0020.#define _O_RANDOM 0x0010..#if !defined(NO_OLDNAMES) || defined(_POSIX).#define O_RDONLY _O_RDONLY.#define O_WRONLY _O_WRONLY.#define O_RDWR _O_RDWR.#define O_APPEND _O_APPEND.#define O_CREAT _O_CREAT.#define O_TRUNC _O_TRUNC
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1410
                                                                                                                                                                                                                                                                        Entropy (8bit):5.11838654592129
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_ERRNO.#define _INC_ERRNO..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRT_ERRNO_DEFINED.#define _CRT_ERRNO_DEFINED. _CRTIMP extern int *__cdecl _errno(void);.#define errno (*_errno()).. errno_t __cdecl _set_errno(int _Value);. errno_t __cdecl _get_errno(int *_Value);.#endif..#define EPERM 1.#define ENOENT 2.#define ESRCH 3.#define EINTR 4.#define EIO 5.#define ENXIO 6.#define E2BIG 7.#define ENOEXEC 8.#define EBADF 9.#define ECHILD 10.#define EAGAIN 11.#define ENOMEM 12.#define EACCES 13.#define EFAULT 14.#define EBUSY 16.#define EEXIST 17.#define EXDEV 18.#define ENODEV 19.#define ENOTDIR 20.#define EISDIR 21.#define ENFILE 23.#define EMFILE 24.#define ENOTTY 25.#define EFBIG 27.#define ENOSPC 28.#define ESPIPE 29.#define EROFS 30.#de
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1583
                                                                                                                                                                                                                                                                        Entropy (8bit):5.223946000134317
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:i2PSh0PDPvH5BolYl9cEPXEDv5JOhS3zDOE/MVuTYE3tmV+Rv4fMBzN80FnPibwB:GWcqvvsDNzD9koS+94fQzN8OPibwDrhT
                                                                                                                                                                                                                                                                        MD5:A106C85866BF88A68510029349149B52
                                                                                                                                                                                                                                                                        SHA1:989F8BF922CAC5BEB03905A0E35C3C7B4B125C85
                                                                                                                                                                                                                                                                        SHA-256:045A031B376733ED7A685BC01709F5281403729FF7C601B913B2ACA2FE1493BB
                                                                                                                                                                                                                                                                        SHA-512:205611A36897D5A87EB54DA5C2C193680DAD95DDA01A55DCEF61665ED09EFD322A20F276D9419A64144941CF0B59339FF9D15C1A7A9C86DA60F140364EACFF73
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_SIGNAL.#define _INC_SIGNAL..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _SIG_ATOMIC_T_DEFINED.#define _SIG_ATOMIC_T_DEFINED. typedef int sig_atomic_t;.#endif..#define NSIG 23..#define.SIGHUP.1./* hangup */.#define SIGINT 2.#define.SIGQUIT.3./* quit */.#define SIGILL 4.#define.SIGTRAP.5./* trace trap (not reset when caught) */.#define.SIGIOT.6./* IOT instruction */.#define.SIGABRT 6./* used by abort, replace SIGIOT in the future */.#define.SIGEMT.7./* EMT instruction */.#define SIGFPE 8.#define.SIGKILL.9./* kill (cannot be caught or ignored) */.#define.SIGBUS.10./* bus error */.#define SIGSEGV 11.#define.SIGSYS.12./* bad argument to system call */.#define.SIGPIPE.13./* write on a pipe with no one to read it */.#ifdef __USE_MINGW_ALARM.#def
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):14903
                                                                                                                                                                                                                                                                        Entropy (8bit):5.137879509844942
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:VgGovkt8YzcfdLDQgPVj85xhpp0DghdWRUeuzIDcDW40aMsGQLZX9QLbiR:KGr8ocfdL0w5shpwf40lsGQ6biR
                                                                                                                                                                                                                                                                        MD5:F4948ADEA7D9F60748DE8B427AB85684
                                                                                                                                                                                                                                                                        SHA1:101AD5424E182236EB7F537F17CE846C917CED27
                                                                                                                                                                                                                                                                        SHA-256:749059834143BCD5BDCEA13FC863C8B6587A89D6DFC84CD5017A98DF190DEFBD
                                                                                                                                                                                                                                                                        SHA-512:49847CA1A78BC100739B3AFC8A0D607AC37E340CEBBB0C04B2C067CDBDD6ED33AC5557214282699A89E39F4B8BB3A8B6383FC0A25C19265089E09B08765EA693
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STDIO.#define _INC_STDIO..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#define BUFSIZ 512.#define _NFILE _NSTREAM_.#define _NSTREAM_ 512.#define _IOB_ENTRIES 20.#define EOF (-1)..#ifndef _FILE_DEFINED. struct _iobuf {. char *_ptr;. int _cnt;. char *_base;. int _flag;. int _file;. int _charbuf;. int _bufsiz;. char *_tmpfname;. };. typedef struct _iobuf FILE;.#define _FILE_DEFINED.#endif..#ifdef _POSIX_.#define _P_tmpdir "/".#define _wP_tmpdir L"/".#else.#define _P_tmpdir "\\".#define _wP_tmpdir L"\\".#endif..#define L_tmpnam (sizeof(_P_tmpdir) + 12)..#ifdef _POSIX_.#define L_ctermid 9.#define L_cuserid 32.#endif..#define SEEK_CUR 1.#define SEEK_END 2.#define SEEK_SET 0..#define STDIN_FILENO
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3339
                                                                                                                                                                                                                                                                        Entropy (8bit):4.737300914010111
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:GzyKQvcpqt7K7PnON+J3esAYUJ0q/nfB2Vt7K7qpdSVNsJ35sAYqJ0q/WaLcC:ayfv0ONgcKqvspkVNyh8q+UcC
                                                                                                                                                                                                                                                                        MD5:AFBE32EE6DED8CBAD33D6FE3FBBF077D
                                                                                                                                                                                                                                                                        SHA1:A7F0D3EDEE5F49E127575EB25E64E2747108E7C3
                                                                                                                                                                                                                                                                        SHA-256:88C1F767FDCD6D51B991EE3234792DA48C8576F5F8816F17A42344F9C8BBB1C1
                                                                                                                                                                                                                                                                        SHA-512:F655A40F8C87A0CB43A34AE47612D5CEF2CF7814FD2AE9CE1C8566F97F45E91470364BD87E8C12861CCE44FB8CCA54717546BAACC6CCBDACE51D0D15206304DD
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./* All the headers include this file. */.#include <_mingw.h>..#ifndef.__STRICT_ANSI__..#ifndef _DIRENT_H_.#define _DIRENT_H_...#pragma pack(push,_CRT_PACKING)..#include <io.h>..#ifndef RC_INVOKED..#ifdef __cplusplus.extern "C" {.#endif.. struct dirent. {. long..d_ino;../* Always zero. */. unsigned short.d_reclen;./* Always zero. */. unsigned short.d_namlen;./* Length of name in d_name. */. char*..d_name;../* File name. */. /* NOTE: The name in the dirent structure points to the name in the. * finddata_t structure in the DIR. */. };.. /*. * This is an internal data structure. Good programmers will not use it. * except as an argument to one of the functions below.. * dd_stat field is now int (was short in older versions).. */. typedef struct. {.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9755
                                                                                                                                                                                                                                                                        Entropy (8bit):5.0535405224800884
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:aK0sBzLLoy8q3JHZDrs+UAt0g7WnBeaIlzjD:EALLb8ars+Flzf
                                                                                                                                                                                                                                                                        MD5:22E5A00491E32D15B40B196397AD01C1
                                                                                                                                                                                                                                                                        SHA1:B0DB6FCBF4ABD2F4FDEA2771399C1E502D9F8106
                                                                                                                                                                                                                                                                        SHA-256:4CFAAA43B3F7414984126E8B1CDF65F9DAC0EF68D9A3396BE0B8828376A74A6B
                                                                                                                                                                                                                                                                        SHA-512:28839104776441738233334A20DE6CE3ADA51179FB50366C27AB60432949FC78E1CCF735D2E80216F8779D84328634005C322D0010875E8FE0FF33D699ECC114
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_CTYPE.#define _INC_CTYPE..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WEOF.#define WEOF (wint_t)(0xFFFF).#endif..#ifndef _CRT_CTYPEDATA_DEFINED.#define _CRT_CTYPEDATA_DEFINED.#ifndef _CTYPE_DISABLE_MACROS..#ifndef __PCTYPE_FUNC.#define __PCTYPE_FUNC __pctype_func().#ifdef _MSVCRT_.#define __pctype_func().(_pctype).#else.#define __pctype_func().(*_imp___pctype).#endif.#endif..#ifndef _pctype.#ifdef _MSVCRT_. extern unsigned short *_pctype;.#else. extern unsigned short **_imp___pctype;.#define _pctype (*_imp___pctype).#endif.#endif..#endif.#endif..#ifndef _CRT_WCTYPEDATA_DEFINED.#define _CRT_WCTYPEDATA_DEFINED.#ifndef _CTYPE_DISABLE_MACROS.#ifndef _wctype.#ifdef _MSVCRT_. extern unsigned short *_wctype;.#else. extern unsigned short **_im
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):6333
                                                                                                                                                                                                                                                                        Entropy (8bit):5.377774221268906
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:Od4Q69/YQhMgPRVQzD+5VO7wRUNsNwxzMD2eT:Ou/f3Riz65VO7wRUNsNwxG
                                                                                                                                                                                                                                                                        MD5:90C1945AFA014FC0F8D17078C51502CA
                                                                                                                                                                                                                                                                        SHA1:F3A15DC3E32ED97B8CC34C1AFA2C66ECBA3B3BE4
                                                                                                                                                                                                                                                                        SHA-256:33C6C8DA7D564B5702AF8C6FF45C00A16842BA3FFE3F95F7F6232752F63C5AFD
                                                                                                                                                                                                                                                                        SHA-512:BE8557BDA158662ACC18CBD4445D4D2E6787FB5C78A67F0D0E4A62FFC9D2B1173C30C66CA5C6A247DA8FE7C38B7C57AFF050BD4A35B0120BD95400CFB4C2C2B6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./* ISO C9x 7.18 Integer types <stdint.h>. * Based on ISO/IEC SC22/WG14 9899 Committee draft (SC22 N2794). *. * THIS SOFTWARE IS NOT COPYRIGHTED. *. * Contributor: Danny Smith <danny_r_smith_2001@yahoo.co.nz>. *. * This source code is offered for use in the public domain. You may. * use, modify or distribute it freely.. *. * This code is distributed in the hope that it will be useful but. * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY. * DISCLAIMED. This includes but is not limited to warranties of. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.. *. * Date: 2000-12-02. */...#ifndef _STDINT_H.#define _STDINT_H..#include <_mingw.h>..#define __need_wint_t.#define __need_wchar_t.#include "stddef.h"..#ifndef __int8_t_defined.#define __int8_t
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1374
                                                                                                                                                                                                                                                                        Entropy (8bit):5.161015521868813
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:9Mz83vjoKY2mg/oCrPy+lUmCSh/PTtcmBSED9smlS1:9MEj+bkoCrqahXBPSEDWJ
                                                                                                                                                                                                                                                                        MD5:3B2E4B0C01E5B0B790F4F6751E977CC9
                                                                                                                                                                                                                                                                        SHA1:06DB05E1C73809CD442EF58F775A8E87D708421D
                                                                                                                                                                                                                                                                        SHA-256:C9BAAA478E3BA85897B781F7065B9E144FAACC8E81CAFA5A642B5D49C78434EB
                                                                                                                                                                                                                                                                        SHA-512:28DD57DC4360292B987D38A408771B5E1D5B423BFD9656BEE9DFA2F9BC19696AF63A7F90CD350C8445BB27C5049987D97D9530AB15F3697D37652A91AAA7F892
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#ifndef _FLOAT_H_.#define _FLOAT_H_..#define FLT_RADIX 2../* IEEE float */.#define FLT_MANT_DIG 24.#define FLT_DIG 6.#define FLT_ROUNDS 1.#define FLT_EPSILON 1.19209290e-07F.#define FLT_MIN_EXP (-125).#define FLT_MIN 1.17549435e-38F.#define FLT_MIN_10_EXP (-37).#define FLT_MAX_EXP 128.#define FLT_MAX 3.40282347e+38F.#define FLT_MAX_10_EXP 38../* IEEE double */.#define DBL_MANT_DIG 53.#define DBL_DIG 15.#define DBL_EPSILON 2.2204460492503131e-16.#define DBL_MIN_EXP (-1021).#define DBL_MIN 2.2250738585072014e-308.#define DBL_MIN_10_EXP (-307).#define DBL_MAX_EXP 1024.#define DBL_MAX 1.7976931348623157e+308.#define DBL_MAX_10_EXP 308../* horrible intel long double */.#if defined __i386__ || defined __x86_64__..#define LDBL_MANT_DIG 64.#define LDBL_DIG 18.#define LDBL_EPSILON 1.08420217248550443401e-19L.#define LDBL_MIN_EXP (-16381).#define LDBL_MIN 3.36210314311209350626e-4932L.#define LDBL_MIN_10_EXP (-4931).#define LDBL_MAX_EXP 16384.#define LDBL_MAX 1.18973149535723176502e+4932L.#defin
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):355
                                                                                                                                                                                                                                                                        Entropy (8bit):4.9174278150037285
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r2Ti2F0A/ivi+M8WjTffBX5FoKtn+cs:UJJISFcShcFP+4B6Xr/qi+MHjjfBcKta
                                                                                                                                                                                                                                                                        MD5:8C659FCB5BA111C2A40716A84A2540D8
                                                                                                                                                                                                                                                                        SHA1:20069AF3A3805CF4CB05339F7A7A860F04A1E4B9
                                                                                                                                                                                                                                                                        SHA-256:07858857F4EED0A61DF94BEB1A9D678B53FC3D67A0B0E8936155F85DDBCD1DCC
                                                                                                                                                                                                                                                                        SHA-512:D1B19DEC523C79320BB3380F29981A49EFB178F06C0538BCE0A5B36AFEABEC9BE0F2A9D02436EDF2AC0970CB14B175B3387BBB14A1E5F62EEC9971C0C7648A99
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _VARARGS_H.#define _VARARGS_H..#error "TinyCC no longer implements <varargs.h>.".#error "Revise your code to use <stdarg.h>."..#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1439
                                                                                                                                                                                                                                                                        Entropy (8bit):5.2295620824781714
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:i2PSh0PDaGduHH7PPW3ep0m3Vp0GrHt+5p0CKpmucLNw/HHsuHfgpbrRD:GRdm3emm3Vm+HOmCKmC1fgdp
                                                                                                                                                                                                                                                                        MD5:9C022D741996DB6D32411BFEF4EADB41
                                                                                                                                                                                                                                                                        SHA1:4BA93D77927EB8CFDCFE07F56D6EDADE180AF1DD
                                                                                                                                                                                                                                                                        SHA-256:3AB7EDEC5E55840C35BE252BAD52236955C3B4F9143810CDB1F09C34510EB8C4
                                                                                                                                                                                                                                                                        SHA-512:E448608BFECB770A087CB19934A1B45A5C564EA10BDF5A40BBB250F472830ECEE4990C669E90E495ECB5D4E48C3871CC2A33CE84F2D38524449FC9F5FD501DA0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef __ASSERT_H_.#define __ASSERT_H_..#include <_mingw.h>.#ifdef __cplusplus.#include <stdlib.h>.#endif..#ifdef NDEBUG.#ifndef assert.#define assert(_Expression) ((void)0).#endif.#else..#ifndef _CRT_TERMINATE_DEFINED.#define _CRT_TERMINATE_DEFINED. void __cdecl __MINGW_NOTHROW exit(int _Code) __MINGW_ATTRIB_NORETURN;. _CRTIMP void __cdecl __MINGW_NOTHROW _exit(int _Code) __MINGW_ATTRIB_NORETURN;.#if !defined __NO_ISOCEXT /* extern stub in static libmingwex.a */./* C99 function name */.void __cdecl _Exit(int) __MINGW_ATTRIB_NORETURN;.__CRT_INLINE __MINGW_ATTRIB_NORETURN void __cdecl _Exit(int status).{ _exit(status); }.#endif..#pragma push_macro("abort").#undef abort. void __cdecl __declspec(noreturn) abort(void);.#pragma pop_macro("abort")..#endif..#ifdef __cplusplus.ext
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):31364
                                                                                                                                                                                                                                                                        Entropy (8bit):4.752286291497649
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:ngntwzzdfQQbqvoRFCM/CVwLn4wyQoPUQ:PzdfQQbqvo1UwNoPUQ
                                                                                                                                                                                                                                                                        MD5:E237270733EDC1CB97B10870A3D50A69
                                                                                                                                                                                                                                                                        SHA1:C2406D465B5E8D94E1CB61C6C3F312BDB018AC80
                                                                                                                                                                                                                                                                        SHA-256:7FE5FDE028FF8F69D2BDA910664E2C169E7B92C6E7F2CF7915EB72054A9746FF
                                                                                                                                                                                                                                                                        SHA-512:8DF9ADD42AD3C8C378E93AF4BEC69489D59B8088974A40EC04FB91749DC050E3000674C9388FAE9937F87D6ABB60199B13D179BF0A8654370A66DB64CDD2E1B1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#include <_mingw.h>..#ifndef _INC_TCHAR.#define _INC_TCHAR..#ifdef _STRSAFE_H_INCLUDED_.#error Need to include strsafe.h after tchar.h.#endif..#ifdef __cplusplus.extern "C" {.#endif..#define _ftcscat _tcscat.#define _ftcschr _tcschr.#define _ftcscpy _tcscpy.#define _ftcscspn _tcscspn.#define _ftcslen _tcslen.#define _ftcsncat _tcsncat.#define _ftcsncpy _tcsncpy.#define _ftcspbrk _tcspbrk.#define _ftcsrchr _tcsrchr.#define _ftcsspn _tcsspn.#define _ftcsstr _tcsstr.#define _ftcstok _tcstok..#define _ftcsdup _tcsdup.#define _ftcsnset _tcsnset.#define _ftcsrev _tcsrev.#define _ftcsset _tcsset..#define _ftcscmp _tcscmp.#define _ftcsicmp _tcsicmp.#define _ftcsnccmp _tcsnccmp.#define _ftcsncmp _tcsncmp.#define _ftcsncicmp _tcsncicmp.#define _ftcsnicmp _tcsnicmp..#define _ftcscoll _tc
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3867
                                                                                                                                                                                                                                                                        Entropy (8bit):5.235190435579294
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:hINzkdpqiPK62I7m503BDSX92h1Mjw9dQZOpxrW7qcvshO+RgA2CRu/PXOE:hINzkdpqiPKdI7m503FSXUhOjw9Fpxrs
                                                                                                                                                                                                                                                                        MD5:8BF97DC43B347CBCF622768EF43090EF
                                                                                                                                                                                                                                                                        SHA1:E6BE2C1B1FE50C19BCD2814E3827C7D94680E51B
                                                                                                                                                                                                                                                                        SHA-256:B6164EB7FAE4A12163251492F7F4E56CC50D146EC7A2F5640D86ECA4D095046F
                                                                                                                                                                                                                                                                        SHA-512:F2F1A16A1D719B10A20B8BE8B5046E151C50792D8D07A2E7F6BC8EB0D53FFCE7E66E53934E688FD1C3FDFE00545BF203267FB59CBD289AD92F3786E473F8198F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_SETJMP.#define _INC_SETJMP..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#if (defined(_X86_) && !defined(__x86_64))..#define _JBLEN 16.#define _JBTYPE int.. typedef struct __JUMP_BUFFER {. unsigned long Ebp;. unsigned long Ebx;. unsigned long Edi;. unsigned long Esi;. unsigned long Esp;. unsigned long Eip;. unsigned long Registration;. unsigned long TryLevel;. unsigned long Cookie;. unsigned long UnwindFunc;. unsigned long UnwindData[6];. } _JUMP_BUFFER;.#elif defined(__ia64__). typedef _CRT_ALIGN(16) struct _SETJMP_FLOAT128 {. __int64 LowPart;. __int64 HighPart;. } SETJMP_FLOAT128;..#define _JBLEN 33. typedef SETJMP_FLOAT128 _JBTYPE;.. typedef struct __JUMP_BUFFER {..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4782
                                                                                                                                                                                                                                                                        Entropy (8bit):5.146949090032166
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:4+KnaNsLsNwnSTOXNXgXXXVX+1XPXmXIX6QXJX9XZXdwUSv:4+KA6O6XNXgXXXVXkXPXmXIXfXJX9XZK
                                                                                                                                                                                                                                                                        MD5:C238CFA11A44926BECD364AB35BFC821
                                                                                                                                                                                                                                                                        SHA1:54D68B8EF71D277BD5173E0AAC794D6EBDB00360
                                                                                                                                                                                                                                                                        SHA-256:E12D9C5BCBE4DFB96EA6C75410EA287917B3C24BFF9CD2E716D35E00C1D4906C
                                                                                                                                                                                                                                                                        SHA-512:C64F6A3B18D84C8498A2270E7152C4001D6D7EE1ACD04169F616A7808A05A02F34E2876BA0CB8D979AE75752109B50A65A66207C86FE936402BDA39AC93833C0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_WCTYPE.#define _INC_WCTYPE..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRTIMP.#define _CRTIMP __declspec(dllimport).#endif..#ifndef _WCHAR_T_DEFINED. typedef unsigned short wchar_t;.#define _WCHAR_T_DEFINED.#endif..#ifndef _WCTYPE_T_DEFINED. typedef unsigned short wint_t;. typedef unsigned short wctype_t;.#define _WCTYPE_T_DEFINED.#endif..#ifndef WEOF.#define WEOF (wint_t)(0xFFFF).#endif..#ifndef _CRT_CTYPEDATA_DEFINED.#define _CRT_CTYPEDATA_DEFINED.#ifndef _CTYPE_DISABLE_MACROS..#ifndef __PCTYPE_FUNC.#define __PCTYPE_FUNC __pctype_func().#ifdef _MSVCRT_.#define __pctype_func() (_pctype).#else.#define __pctype_func() (*_imp___pctype).#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2686
                                                                                                                                                                                                                                                                        Entropy (8bit):5.279528518541247
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:GXFLawQcx1ZvUTc/5p3C8QcvAv1p3R0C8+Rve/KQ1i5/o4XqzOvQQHc8/Y:sn91ZgcrCkvQv0C8ksd4na
                                                                                                                                                                                                                                                                        MD5:21CE377183014C3535643C9050306A33
                                                                                                                                                                                                                                                                        SHA1:41B25206EDD6309884312FD70026096C35A6DBEB
                                                                                                                                                                                                                                                                        SHA-256:39C0761F0E43D7B936B9B81C85673DD82896EBFA66E9F1B9A19B45F34E4CD52A
                                                                                                                                                                                                                                                                        SHA-512:3B0FA5D6EBB7AC47694C7D04B4835AF6C089344F7F8337DB74B34E3B46A1792295224DC232FAC1FD0DB482FC32C8A6A4BFCAF4F39C35DCCD98600181C314B43D
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#include <_mingw.h>..#ifndef _INC_LIMITS.#define _INC_LIMITS../*.* File system limits.*.* TODO: NAME_MAX and OPEN_MAX are file system limits or not? Are they the.* same as FILENAME_MAX and FOPEN_MAX from stdio.h?.* NOTE: Apparently the actual size of PATH_MAX is 260, but a space is.* required for the NUL. TODO: Test?.*/.#define PATH_MAX.(259)..#define CHAR_BIT 8.#define SCHAR_MIN (-128).#define SCHAR_MAX 127.#define UCHAR_MAX 0xff..#define CHAR_MIN SCHAR_MIN.#define CHAR_MAX SCHAR_MAX..#define MB_LEN_MAX 5.#define SHRT_MIN (-32768).#define SHRT_MAX 32767.#define USHRT_MAX 0xffff.#define INT_MIN (-2147483647 - 1).#define INT_MAX 2147483647.#define UINT_MAX 0xffffffff.#define LONG_MIN (-2147483647L - 1).#define LONG_MAX 2147483647L.#define ULONG_MAX 0xffffffffUL.#def
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9091
                                                                                                                                                                                                                                                                        Entropy (8bit):5.046593382105061
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_PROCESS.#define _INC_PROCESS..#include <_mingw.h>../* Includes a definition of _pid_t and pid_t */.#include <sys/types.h>..#ifndef _POSIX_.#ifdef __cplusplus.extern "C" {.#endif..#define _P_WAIT 0.#define _P_NOWAIT 1.#define _OLD_P_OVERLAY 2.#define _P_NOWAITO 3.#define _P_DETACH 4.#define _P_OVERLAY 2..#define _WAIT_CHILD 0.#define _WAIT_GRANDCHILD 1.. _CRTIMP uintptr_t __cdecl _beginthread(void (__cdecl *_StartAddress) (void *),unsigned _StackSize,void *_ArgList);. _CRTIMP void __cdecl _endthread(void);. _CRTIMP uintptr_t __cdecl _beginthreadex(void *_Security,unsigned _StackSize,unsigned (__stdcall *_StartAddress) (void *),void *_ArgList,unsigned _InitFlag,unsigned *_ThrdAddr);. _CRTIMP void __cdecl _endthreadex(unsigned _Retval);..#ifndef _CRT_TERMINATE_DE
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):5214
                                                                                                                                                                                                                                                                        Entropy (8bit):5.2821319558661655
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _MALLOC_H_.#define _MALLOC_H_..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifndef _MM_MALLOC_H_INCLUDED.#define _MM_MALLOC_H_INCLUDED.#endif..#ifdef __cplusplus.extern "C" {.#endif..#ifdef _WIN64.#define _HEAP_MAXREQ 0xFFFFFFFFFFFFFFE0.#else.#define _HEAP_MAXREQ 0xFFFFFFE0.#endif..#ifndef _STATIC_ASSERT.#define _STATIC_ASSERT(expr) extern void __static_assert_t(int [(expr)?1:-1]).#endif../* Return codes for _heapwalk() */.#define _HEAPEMPTY (-1).#define _HEAPOK (-2).#define _HEAPBADBEGIN (-3).#define _HEAPBADNODE (-4).#define _HEAPEND (-5).#define _HEAPBADPTR (-6)../* Values for _heapinfo.useflag */.#define _FREEENTRY 0.#define _USEDENTRY 1..#ifndef _HEAPINFO_DEFINED.#define _HEAPINFO_DEFINED. /* The structure used to walk through the heap with _heapwalk.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):20426
                                                                                                                                                                                                                                                                        Entropy (8bit):5.091356495974476
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STDLIB.#define _INC_STDLIB..#include <_mingw.h>.#include <limits.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef NULL.#ifdef __cplusplus.#define NULL 0.#else.#define NULL ((void *)0).#endif.#endif..#define EXIT_SUCCESS 0.#define EXIT_FAILURE 1..#ifndef _ONEXIT_T_DEFINED.#define _ONEXIT_T_DEFINED.. typedef int (__cdecl *_onexit_t)(void);..#ifndef NO_OLDNAMES.#define onexit_t _onexit_t.#endif.#endif..#ifndef _DIV_T_DEFINED.#define _DIV_T_DEFINED.. typedef struct _div_t {. int quot;. int rem;. } div_t;.. typedef struct _ldiv_t {. long quot;. long rem;. } ldiv_t;.#endif..#ifndef _CRT_DOUBLE_DEC.#define _CRT_DOUBLE_DEC..#pragma pack(4). typedef struct {. unsigned char ld[10];. } _LDOUBLE;.#pragma pack()..#defin
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):10222
                                                                                                                                                                                                                                                                        Entropy (8bit):5.118611530215232
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/* tccdefs.h.... Nothing is defined before this file except target machine, target os.. and the few things related to option settings in tccpp.c:tcc_predefs()..... This file is either included at runtime as is, or converted and.. included as C-strings at compile-time (depending on CONFIG_TCC_PREDEFS)..... Note that line indent matters:.... - in lines starting at column 1, platform macros are replaced by.. corresponding TCC target compile-time macros. See conftest.c for.. the list of platform macros supported in lines starting at column 1..... - only lines indented >= 4 are actually included into the executable,.. check tccdefs_.h...*/....#if __SIZEOF_POINTER__ == 4.. /* 32bit systems. */..#if defined TARGETOS_OpenBSD.. #define __SIZE_TYPE__ unsigned long.. #define __PTRDIFF_TYPE__ long..#else.. #define __SIZE_TYPE__ unsigned int.. #define __PTRDIFF_TYPE__ int..#endif.. #define __ILP32__ 1.. #define __INT64_TYPE__ long long..#el
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):126
                                                                                                                                                                                                                                                                        Entropy (8bit):4.580595223579644
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/*. * TODO: Nothing here yet. Should provide UNIX compatibility constants. * comparable to those in limits.h and float.h.. */.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):952
                                                                                                                                                                                                                                                                        Entropy (8bit):4.981227039868006
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./* . * dir.h. *. * This file OBSOLESCENT and only provided for backward compatibility.. * Please use io.h instead.. *. * This file is part of the Mingw32 package.. *. * Contributors:. * Created by Colin Peters <colin@bird.fu.is.saga-u.ac.jp>. * Mumit Khan <khan@xraylith.wisc.edu>. *. * THIS SOFTWARE IS NOT COPYRIGHTED. *. * This source code is offered for use in the public domain. You may. * use, modify or distribute it freely.. *. * This code is distributed in the hope that it will be useful but. * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY. * DISCLAIMED. This includes but is not limited to warranties of. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.. *. */..#include <io.h>..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3146
                                                                                                                                                                                                                                                                        Entropy (8bit):5.109358717547865
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _FENV_H_.#define _FENV_H_..#include <_mingw.h>../* FPU status word exception flags */.#define FE_INVALID.0x01.#define FE_DENORMAL.0x02.#define FE_DIVBYZERO.0x04.#define FE_OVERFLOW.0x08.#define FE_UNDERFLOW.0x10.#define FE_INEXACT.0x20.#define FE_ALL_EXCEPT (FE_INVALID | FE_DENORMAL | FE_DIVBYZERO \... | FE_OVERFLOW | FE_UNDERFLOW | FE_INEXACT)../* FPU control word rounding flags */.#define FE_TONEAREST.0x0000.#define FE_DOWNWARD.0x0400.#define FE_UPWARD.0x0800.#define FE_TOWARDZERO.0x0c00../* The MXCSR exception flags are the same as the. FE flags. */.#define __MXCSR_EXCEPT_FLAG_SHIFT 0../* How much to shift FE status word exception flags. to get MXCSR rounding flags, */.#define __MXCSR_ROUND_FLAG_SHIFT 3..#ifndef RC_INVOKED./*. For now, support only for t
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):34132
                                                                                                                                                                                                                                                                        Entropy (8bit):5.065285191271868
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:2186Orc7LIJ8SNgVx6eG17k8MGOHlE4eGP0+aILsGQ86jWIwF2iiEYbS:2IcE8SNgVx61JC6jry2E
                                                                                                                                                                                                                                                                        MD5:D6B25F8E3068967751493431B36C4248
                                                                                                                                                                                                                                                                        SHA1:3145ED71F286525D1FF492AE920B30694123259E
                                                                                                                                                                                                                                                                        SHA-256:C9BF12E02A2AB0783ED1C66DFE43DE43C402B33906CADA9B1157502A82C7C3E4
                                                                                                                                                                                                                                                                        SHA-512:02A480389CECC909978130585609F57D03728726E72E5FEE89874ACCA4122D971D74FC615949F8675513EDCFE3198201AD0118F795B147C6FCA10D28E8856645
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_WCHAR.#define _INC_WCHAR..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WCHAR_MIN /* also at stdint.h */.#define WCHAR_MIN 0.#define WCHAR_MAX ((wchar_t) -1) /* UINT16_MAX */.#endif..#ifndef __GNUC_VA_LIST.#define __GNUC_VA_LIST. typedef __builtin_va_list __gnuc_va_list;.#endif..#ifndef _VA_LIST_DEFINED.#define _VA_LIST_DEFINED. typedef __gnuc_va_list va_list;.#endif..#ifndef WEOF.#define WEOF (wint_t)(0xFFFF).#endif..#ifndef _FILE_DEFINED. struct _iobuf {. char *_ptr;. int _cnt;. char *_base;. int _flag;. int _file;. int _charbuf;. int _bufsiz;. char *_tmpfname;. };. typedef struct _iobuf FILE;.#define _FILE_DEFINED.#endif..#ifndef _STDIO_DEFINED.#ifdef _WIN64. _CRTIMP FILE *__
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1233
                                                                                                                                                                                                                                                                        Entropy (8bit):5.1075312514305296
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:i2PSh0PDYqsS6s1UzFf5wNaCmwN0PK0PQvYaH2l2X:GlS6s1k5wNaRwNt95H2U
                                                                                                                                                                                                                                                                        MD5:29F62B1ADD26DC1AED3FAAD03FAC030D
                                                                                                                                                                                                                                                                        SHA1:6F605B9A153A987F2939AE6500D6391FDC107332
                                                                                                                                                                                                                                                                        SHA-256:B4341E188913A819FA3BF101078A95CA077780219373F424C39AD86C94E04B6F
                                                                                                                                                                                                                                                                        SHA-512:3D98E9F039DDA694A660BA7D2F7906FCD60016DC6A8FED78CEB7B191618318A68D34169B9480BA5727730F6BD6357A13FD02E0CDCA5439A45E06D2F0D61DABE0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_MEMORY.#define _INC_MEMORY..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CONST_RETURN.#define _CONST_RETURN.#endif..#define _WConst_return _CONST_RETURN..#ifndef _CRT_MEMORY_DEFINED.#define _CRT_MEMORY_DEFINED. _CRTIMP void *__cdecl _memccpy(void *_Dst,const void *_Src,int _Val,size_t _MaxCount);. _CONST_RETURN void *__cdecl memchr(const void *_Buf ,int _Val,size_t _MaxCount);. _CRTIMP int __cdecl _memicmp(const void *_Buf1,const void *_Buf2,size_t _Size);. _CRTIMP int __cdecl _memicmp_l(const void *_Buf1,const void *_Buf2,size_t _Size,_locale_t _Locale);. int __cdecl memcmp(const void *_Buf1,const void *_Buf2,size_t _Size);. void *__cdecl memcpy(void *_Dst,const void *_Src,size_t _Size);. void *__cdecl memset(void *_Dst,int _Val,si
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):639
                                                                                                                                                                                                                                                                        Entropy (8bit):5.116570644892466
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:UJJISFcShcFP+4BWIYKIiSUfwfvarry9rowrrqir3qGr+PFeHqveB7n4y8yvkA4p:i2PSh0PDWWIivavaq98whzlgFeHqve7u
                                                                                                                                                                                                                                                                        MD5:540EF403878DDBE2D4682540DA20095F
                                                                                                                                                                                                                                                                        SHA1:4E3230DF4B7A906CDC3B6E3E1A5CC768CC79C327
                                                                                                                                                                                                                                                                        SHA-256:6DE922C1BD7EEDC33308304785C212945064D763EEDFB373C09CBBB5CB933DDE
                                                                                                                                                                                                                                                                        SHA-512:7C27842CB6F3D2B9707A5DF55B45BCC5DD613CDA8C550F0232F0CB9DF8B59013F428EC3FC07FB002DFF80D26BB9941CE76CAADD22BD4B539C9F11EA13FE12EF5
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_SHARE.#define _INC_SHARE..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#define _SH_COMPAT 0x00.#define _SH_DENYRW 0x10.#define _SH_DENYWR 0x20.#define _SH_DENYRD 0x30.#define _SH_DENYNO 0x40.#define _SH_SECURE 0x80..#ifndef.NO_OLDNAMES.#define SH_COMPAT _SH_COMPAT.#define SH_DENYRW _SH_DENYRW.#define SH_DENYWR _SH_DENYWR.#define SH_DENYRD _SH_DENYRD.#define SH_DENYNO _SH_DENYNO.#endif..#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3865
                                                                                                                                                                                                                                                                        Entropy (8bit):5.239566441223487
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:aOgQsLqPQLHbXTN6oYsNhd6vgAwFQCbTprO5BPPTeraG9n0WP/zgSRQh:aOgQO3hdE8KBPPTrGHU5
                                                                                                                                                                                                                                                                        MD5:DC2829239704CDD5A5109699666FA573
                                                                                                                                                                                                                                                                        SHA1:60C09E102F552444D59ED9ED474E667136C16DC0
                                                                                                                                                                                                                                                                        SHA-256:AB4BE7D34E7FA0E722F0948E0C90AD4D95B8A1EC649C2F186DFA387B57BE7833
                                                                                                                                                                                                                                                                        SHA-512:F3551AEF2A0FFE42A16F1A8BE26B2C2722E773A59D21B60B2454AB0B68B008402623F378D2AFAA30FEBA87F560475A52D2899E6D062BD7F88E22119B25231F17
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/*. * _mingw.h. *. * This file is for TinyCC and not part of the Mingw32 package.. *. * THIS SOFTWARE IS NOT COPYRIGHTED. *. * This source code is offered for use in the public domain. You may. * use, modify or distribute it freely.. *. * This code is distributed in the hope that it will be useful but. * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY. * DISCLAIMED. This includes but is not limited to warranties of. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.. *. */..#ifndef __MINGW_H.#define __MINGW_H../* some winapi files define these before including _mingw.h --> */.#undef __cdecl.#undef _X86_.#undef WIN32./* <-- */..#include <stddef.h>.#include <stdarg.h>..#define __int8 char.#define __int16 short.#define __int32 int.#define __int64 long long.#define _HAVE_INT64..#define __cdecl.#define __declspec(x) __attribute__((x)).#define __unaligned __attribute__((packed)).#define __fastcall __attribute__((fastcall))..#define __MSVCRT__ 1.#undef _MSVCRT_
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):11130
                                                                                                                                                                                                                                                                        Entropy (8bit):4.886603456377803
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:R9IFnJJzpoJItwJ+Y31t1d1uF8sFX9B17lHLQWq4QcHyQA3sG1:XI4IJ2WzPw
                                                                                                                                                                                                                                                                        MD5:6A61E54AD2614BA528414C7B69147CAF
                                                                                                                                                                                                                                                                        SHA1:242479133484E15A2AF816D95DDB053835BF4C64
                                                                                                                                                                                                                                                                        SHA-256:DE7161F85835D98B38FE6A19EF8973DCAF58EC237B1C91CF05AC535B2FF3845F
                                                                                                                                                                                                                                                                        SHA-512:468702A606E20FFA893054F676C56DFE6EB3D28A002BAE143298422AB388A2F2F78E318714F5274BC9EBD243863F5228D5EBEAD5F31D892E96D8742C8E6846A1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_CONIO.#define _INC_CONIO..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP char *_cgets(char *_Buffer);. _CRTIMP int __cdecl _cprintf(const char *_Format,...);. _CRTIMP int __cdecl _cputs(const char *_Str);. _CRTIMP int __cdecl _cscanf(const char *_Format,...);. _CRTIMP int __cdecl _cscanf_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _getch(void);. _CRTIMP int __cdecl _getche(void);. _CRTIMP int __cdecl _vcprintf(const char *_Format,va_list _ArgList);. _CRTIMP int __cdecl _cprintf_p(const char *_Format,...);. _CRTIMP int __cdecl _vcprintf_p(const char *_Format,va_list _ArgList);. _CRTIMP int __cdecl _cprintf_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _vcprintf_l(const char *_Format,_loc
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):304
                                                                                                                                                                                                                                                                        Entropy (8bit):4.976431807239841
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r2n2ADbA96Iy/KTMk:UJJISFcShcFP+4BbHYPSN
                                                                                                                                                                                                                                                                        MD5:DDA4463DA15121ED7AD4F091FBF61DFF
                                                                                                                                                                                                                                                                        SHA1:84B4C4973306EF725C3F61446AB891CAC6AA66A4
                                                                                                                                                                                                                                                                        SHA-256:2E6AB359559319A11A80F8F52AA0472CD0B141137F3A1EAA18C40D8827DC51D4
                                                                                                                                                                                                                                                                        SHA-512:D3417CF7702A17F0F327CBAF8D167D7830A2955C19D553893329696CDF2312707595CF0F6DDAA36EA18D0CEA41F24E6FA9C15AC14D5BC567BC25A1CC81B733FE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_VADEFS.#define _INC_VADEFS..//!__TINYC__: GNUC specific stuff removed..#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):23077
                                                                                                                                                                                                                                                                        Entropy (8bit):5.0910424086795425
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _MATH_H_.#define _MATH_H_..#if __GNUC__ >= 3.#pragma GCC system_header.#endif..#include <_mingw.h>..struct exception;..#pragma pack(push,_CRT_PACKING)..#define _DOMAIN 1.#define _SING 2.#define _OVERFLOW 3.#define _UNDERFLOW 4.#define _TLOSS 5.#define _PLOSS 6..#ifndef __STRICT_ANSI__.#ifndef.NO_OLDNAMES.#define DOMAIN _DOMAIN.#define SING _SING.#define OVERFLOW _OVERFLOW.#define UNDERFLOW _UNDERFLOW.#define TLOSS _TLOSS.#define PLOSS _PLOSS.#endif.#endif..#ifndef __STRICT_ANSI__.#define M_E 2.71828182845904523536.#define M_LOG2E 1.44269504088896340736.#define M_LOG10E 0.434294481903251827651.#define M_LN2 0.693147180559945309417.#define M_LN10 2.30258509299404568402.#define M_PI 3.14159265358979323846.#define M_PI_2 1.57079632679489661923.#define M_PI_4 0.785398163397
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):345
                                                                                                                                                                                                                                                                        Entropy (8bit):4.819819315483337
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./*. * This file is part of the Mingw32 package.. *. * mem.h maps to string.h. */.#ifndef.__STRICT_ANSI__.#include <string.h>.#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2135
                                                                                                                                                                                                                                                                        Entropy (8bit):5.113182765405398
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_LOCALE.#define _INC_LOCALE..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef NULL.#ifdef __cplusplus.#define NULL 0.#else.#define NULL ((void *)0).#endif.#endif..#define LC_ALL 0.#define LC_COLLATE 1.#define LC_CTYPE 2.#define LC_MONETARY 3.#define LC_NUMERIC 4.#define LC_TIME 5..#define LC_MIN LC_ALL.#define LC_MAX LC_TIME..#ifndef _LCONV_DEFINED.#define _LCONV_DEFINED. struct lconv {. char *decimal_point;. char *thousands_sep;. char *grouping;. char *int_curr_symbol;. char *currency_symbol;. char *mon_decimal_point;. char *mon_thousands_sep;. char *mon_grouping;. char *positive_sign;. char *negative_sign;. char int_frac_digits;. char frac_digits;. char p_cs_precedes;.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):8405
                                                                                                                                                                                                                                                                        Entropy (8bit):5.100723832842219
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _TIME_H_.#define _TIME_H_..#include <_mingw.h>..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRTIMP.#define _CRTIMP __declspec(dllimport).#endif..#ifndef _WCHAR_T_DEFINED.#define _WCHAR_T_DEFINED. typedef unsigned short wchar_t;.#endif..#ifndef _TIME32_T_DEFINED.#define _TIME32_T_DEFINED. typedef long __time32_t;.#endif..#ifndef _TIME64_T_DEFINED.#define _TIME64_T_DEFINED.#if _INTEGRAL_MAX_BITS >= 64.#if defined(__GNUC__) && defined(__STRICT_ANSI__). typedef int _time64_t __attribute__ ((mode (DI)));.#else. typedef __int64 __time64_t;.#endif.#endif.#endif..#ifndef _TIME_T_DEFINED.#define _TIME_T_DEFINED.#ifdef _USE_32BIT_TIME_T. typedef __time32_t time_t;.#else. typ
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1090
                                                                                                                                                                                                                                                                        Entropy (8bit):5.185707945606799
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_DOS.#define _INC_DOS..#include <_mingw.h>.#include <io.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _DISKFREE_T_DEFINED.#define _DISKFREE_T_DEFINED.. struct _diskfree_t {. unsigned total_clusters;. unsigned avail_clusters;. unsigned sectors_per_cluster;. unsigned bytes_per_sector;. };.#endif..#define _A_NORMAL 0x00.#define _A_RDONLY 0x01.#define _A_HIDDEN 0x02.#define _A_SYSTEM 0x04.#define _A_SUBDIR 0x10.#define _A_ARCH 0x20..#ifndef _GETDISKFREE_DEFINED.#define _GETDISKFREE_DEFINED. _CRTIMP unsigned __cdecl _getdiskfree(unsigned _Drive,struct _diskfree_t *_DiskFree);.#endif..#if (defined(_X86_) && !defined(__x86_64)). void __cdecl _disable(void);. void __cdecl _enable(void);.#endif..#ifndef.NO_OLDNAMES.#de
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):176
                                                                                                                                                                                                                                                                        Entropy (8bit):4.607652660491414
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#ifndef _STDBOOL_H.#define _STDBOOL_H../* ISOC99 boolean */..#define bool._Bool.#define true.1.#define false.0.#define __bool_true_false_are_defined 1..#endif /* _STDBOOL_H */.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):6072
                                                                                                                                                                                                                                                                        Entropy (8bit):5.148919168403688
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:a0GgtlRUn9ZpD5AgcpqdvDp/pwZzSAGkKTskBkbBpbwlHrhchgM2bRBhuYBbV3VU:a0GgJUn9ZpD+gcpqdvDp/pwZzP1iskSX
                                                                                                                                                                                                                                                                        MD5:6BB72461C8C72CC3B96F78C73FA803BA
                                                                                                                                                                                                                                                                        SHA1:4506FB8BFA1622D4533DB176B3DCFAB0AE021672
                                                                                                                                                                                                                                                                        SHA-256:4194C0408CDBA330B7CFA1D2091D72A0CFBF2077FF1FEB19F436F3F3AA2ADF18
                                                                                                                                                                                                                                                                        SHA-512:5F6D95651183FBCE7490A619D37672F2D3BAC516319D0EDCD4E782A77632B457632EB83AB54B67132752649FBBFBD1D4EB2B4ABA2622BDF729F0C4BD7509DB2B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./* 7.8 Format conversion of integer types <inttypes.h> */..#ifndef _INTTYPES_H_.#define _INTTYPES_H_..#include <_mingw.h>.#include <stdint.h>.#define __need_wchar_t.#include <stddef.h>..#ifdef.__cplusplus.extern."C".{.#endif..typedef struct {..intmax_t quot;..intmax_t rem;..} imaxdiv_t;..#if !defined(__cplusplus) || defined(__STDC_FORMAT_MACROS)../* 7.8.1 Macros for format specifiers. * . * MS runtime does not yet understand C9x standard "ll". * length specifier. It appears to treat "ll" as "l".. * The non-standard I64 length specifier causes warning in GCC,. * but understood by MS runtime functions.. */../* fprintf macros for signed types */.#define PRId8 "d".#define PRId16 "d".#define PRId32 "d".#define PRId64 "I64d"..#define PRIdLEAST8 "d".#define PRIdLEAST16 "d".#define PR
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2494
                                                                                                                                                                                                                                                                        Entropy (8bit):4.862990168468474
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:QAs3d3qmP8lV0TTPWuj/ATVhpIOFf6yrsEgTvVOFobil:QAGdafP0P/IiA
                                                                                                                                                                                                                                                                        MD5:4FE6BA37DEC896AB822646118B5343CE
                                                                                                                                                                                                                                                                        SHA1:EA68660748139159643AB495AA1EC9287A5E20FF
                                                                                                                                                                                                                                                                        SHA-256:116504A7C3FEABBC4551E9DB0BEC957170647EF2067EB46A4304BCBFDDCE5A30
                                                                                                                                                                                                                                                                        SHA-512:6B3304630293A2A5C1D4870B088A7FA2681354A4D28D6DFD97CDA16E102D6E97A19CB5C9A840C8587479E4A559AB3EE781F1E9001F1336C9318988B1F2F22CC7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#ifndef _STDARG_H.#define _STDARG_H..#ifdef __x86_64__.#ifndef _WIN64..//This should be in sync with the declaration on our lib/libtcc1.c./* GCC compatible definition of va_list. */.typedef struct {. unsigned int gp_offset;. unsigned int fp_offset;. union {. unsigned int overflow_offset;. char *overflow_arg_area;. };. char *reg_save_area;.} __va_list_struct;..typedef __va_list_struct va_list[1];..void __va_start(__va_list_struct *ap, void *fp);.void *__va_arg(__va_list_struct *ap, int arg_type, int size, int align);..#define va_start(ap, last) __va_start(ap, __builtin_frame_address(0)).#define va_arg(ap, type) \. (*(type *)(__va_arg(ap, __builtin_va_arg_types(type), sizeof(type), __alignof__(type)))).#define va_copy(dest, src) (*(dest) = *(src)).#define va_end(ap)../* avoid conflicting definition for va_list on Macs. */.#define _VA_LIST_T..#else /* _WIN64 */.typedef char *va_list;.#define va_start(ap,last) _
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1402
                                                                                                                                                                                                                                                                        Entropy (8bit):4.8724440555000506
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:d19VSrcs/mbR/4Cm+iOwHCFFfJNn9DAP6V2OCB6E7LuNcWmY/CDGAsC:5VSrH/TCeCFD59DGJUEnhzY/6GA9
                                                                                                                                                                                                                                                                        MD5:8B03F5DA84F6175FB1213C1208BB0944
                                                                                                                                                                                                                                                                        SHA1:FB7A374705241EE8BA4C59C6BD4829A97B90FA55
                                                                                                                                                                                                                                                                        SHA-256:C91FFAAEF5231C6D7E744E0700F1F429C9CFAD88A4112FDD5ABABB701F3B5A4B
                                                                                                                                                                                                                                                                        SHA-512:038DA70FFDA4BF66CDF6D0D6792F51B140B0E6EEC8351A286A51D454A81E0571779E16985519DAB47F3B48E6102A54A40101634B86F556C95C2128DC6AED4283
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#ifndef _STDDEF_H.#define _STDDEF_H..typedef __SIZE_TYPE__ size_t;.typedef __PTRDIFF_TYPE__ ssize_t;.typedef __WCHAR_TYPE__ wchar_t;.typedef __PTRDIFF_TYPE__ ptrdiff_t;.typedef __PTRDIFF_TYPE__ intptr_t;.typedef __SIZE_TYPE__ uintptr_t;..#ifndef __int8_t_defined.#define __int8_t_defined.typedef signed char int8_t;.typedef signed short int int16_t;.typedef signed int int32_t;.#ifdef __LP64__.typedef signed long int int64_t;.#else.typedef signed long long int int64_t;.#endif.typedef unsigned char uint8_t;.typedef unsigned short int uint16_t;.typedef unsigned int uint32_t;.#ifdef __LP64__.typedef unsigned long int uint64_t;.#else.typedef unsigned long long int uint64_t;.#endif.#endif..#ifndef NULL.#define NULL ((void*)0).#endif..#define offsetof(type, field) ((size_t)&((type *)0)->field)..void *alloca(size_t size);..#endif../* Older glibc require a wint_t from <stddef.h> (when requested. by __need_wint_t, as otherwise stddef.h isn't allowed to. define this type). Note that this must
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):164
                                                                                                                                                                                                                                                                        Entropy (8bit):4.396200340591225
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:YRTvF08wB32DsxQGG+TSERKR9BeCTSERKRIHTSERKR7LsyodP1XGZovVOMD:oF08iGDsx9TSEIToCTSEIcTSEIVun4yJ
                                                                                                                                                                                                                                                                        MD5:623F15DB2D9075E9DE1E1E5217854933
                                                                                                                                                                                                                                                                        SHA1:247EBCAA4F74507EDC5E06E2382378561E67027E
                                                                                                                                                                                                                                                                        SHA-256:2C63CD52CD589A204C8E5F75B9179FD520BE1A0770A698303526BE4069613E3B
                                                                                                                                                                                                                                                                        SHA-512:34555DF799E9F54EFDFF3BE4498CF20565935A0D5A116D030475042E3BD1CEA9F949A8CC4D9DD5C320FD528879B6221CA70CA0B9068C1AC6381B55C4756D92C4
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#ifndef celib_h..#define celib_h....typedef struct _cecs..{.. volatile int locked;.. volatile int threadif;.. volatile int lockcount; ..} cecs, *Pcecs;....#endif
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):13067
                                                                                                                                                                                                                                                                        Entropy (8bit):5.032337228232408
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:Y8Bx8BjP8BJPKf37Rw8z/hI9B3mpv6O3O8iONUO5OG0xLIJ8SNgVSAMczPO8cONU:r02oxz7vX+8fNxIG0S8SNgVxz28ZNU
                                                                                                                                                                                                                                                                        MD5:4AC0744EF16453FEBED8DE4242997946
                                                                                                                                                                                                                                                                        SHA1:B092C9006DE0A8DBE7F0FF568B6CAAFB00B4C90A
                                                                                                                                                                                                                                                                        SHA-256:5DA97C850E8E2AB608C42947A33411F556F6D75B8264E1E5CF29CA7BA7B96256
                                                                                                                                                                                                                                                                        SHA-512:1EC9947C6FE0160954F3922D6990863865D274874C31355F0838CCBB1BBF6650A9A3F0D3590537A189AFBF80E33CDE5393260FDD5F3EA5A736A066CDCC5FF815
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:./**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _IO_H_.#define _IO_H_..#include <_mingw.h>.#include <string.h>..#pragma pack(push,_CRT_PACKING)..#ifndef _POSIX_..#ifdef __cplusplus.extern "C" {.#endif.._CRTIMP char* __cdecl _getcwd (char*, int);.#ifndef _FSIZE_T_DEFINED. typedef unsigned long _fsize_t;.#define _FSIZE_T_DEFINED.#endif..#ifndef _FINDDATA_T_DEFINED.. struct _finddata32_t {. unsigned attrib;. __time32_t time_create;. __time32_t time_access;. __time32_t time_write;. _fsize_t size;. char name[260];. };../*#if _INTEGRAL_MAX_BITS >= 64*/.. struct _finddata32i64_t {. unsigned attrib;. __time32_t time_create;. __time32_t time_access;. __time32_t time_write;. __int64 size;. char name[260];. };.. struct _finddata64i32_t {. unsigned attrib;. __time64_t time_create
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3796
                                                                                                                                                                                                                                                                        Entropy (8bit):5.3190944253059405
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:GdUcbUGSCnlAxeSeFkvSp2wCoIt6TcUEYEJ+CkbUHfXF0XQtVI:QTIGTWeFk6pw/6TOMvIfFsA+
                                                                                                                                                                                                                                                                        MD5:D236372CBA09E14C37B4E48F81BAEF83
                                                                                                                                                                                                                                                                        SHA1:11A3BFFAACEDFA1CAA4B4BB836CD95297A4ECC6D
                                                                                                                                                                                                                                                                        SHA-256:0098E51602C94F8A9702F4B776D3630F56EEC27ED67B9FC36D9204933B58AC4D
                                                                                                                                                                                                                                                                        SHA-512:D7C22525FBB97BF8950DB69645511420F1198ABE33F5D0FE07A5EE8DD6B5CDA07038B6DB71A2995C6F5EC1B85D8B98E4370330193132E95F2A65E3A847F04408
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_EXCPT.#define _INC_EXCPT..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif.. struct _EXCEPTION_POINTERS;..#ifndef EXCEPTION_DISPOSITION.#define EXCEPTION_DISPOSITION int.#endif.#define ExceptionContinueExecution 0.#define ExceptionContinueSearch 1.#define ExceptionNestedException 2.#define ExceptionCollidedUnwind 3..#if (defined(_X86_) && !defined(__x86_64)). struct _EXCEPTION_RECORD;. struct _CONTEXT;.. EXCEPTION_DISPOSITION __cdecl _except_handler(struct _EXCEPTION_RECORD *_ExceptionRecord,void *_EstablisherFrame,struct _CONTEXT *_ContextRecord,void *_DispatcherContext);.#elif defined(__ia64__).. typedef struct _EXCEPTION_POINTERS *Exception_info_ptr;. struct _EXCEPTION_RECORD;. struct _CONTEXT;. struct _DISP
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):2686
Entropy (8bit):5.279528518541247
Encrypted:false
SSDEEP:48:GXFLawQcx1ZvUTc/5p3C8QcvAv1p3R0C8+Rve/KQ1i5/o4XqzOvQQHc8/Y:sn91ZgcrCkvQv0C8ksd4na
MD5:21CE377183014C3535643C9050306A33
SHA1:41B25206EDD6309884312FD70026096C35A6DBEB
SHA-256:39C0761F0E43D7B936B9B81C85673DD82896EBFA66E9F1B9A19B45F34E4CD52A
SHA-512:3B0FA5D6EBB7AC47694C7D04B4835AF6C089344F7F8337DB74B34E3B46A1792295224DC232FAC1FD0DB482FC32C8A6A4BFCAF4F39C35DCCD98600181C314B43D
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#include <_mingw.h>..#ifndef _INC_LIMITS.#define _INC_LIMITS../*.* File system limits.*.* TODO: NAME_MAX and OPEN_MAX are file system limits or not? Are they the.* same as FILENAME_MAX and FOPEN_MAX from stdio.h?.* NOTE: Apparently the actual size of PATH_MAX is 260, but a space is.* required for the NUL. TODO: Test?.*/.#define PATH_MAX.(259)..#define CHAR_BIT 8.#define SCHAR_MIN (-128).#define SCHAR_MAX 127.#define UCHAR_MAX 0xff..#define CHAR_MIN SCHAR_MIN.#define CHAR_MAX SCHAR_MAX..#define MB_LEN_MAX 5.#define SHRT_MIN (-32768).#define SHRT_MAX 32767.#define USHRT_MAX 0xffff.#define INT_MIN (-2147483647 - 1).#define INT_MAX 2147483647.#define UINT_MAX 0xffffffff.#define LONG_MIN (-2147483647L - 1).#define LONG_MAX 2147483647L.#define ULONG_MAX 0xffffffffUL.#def
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):2135
Entropy (8bit):5.113182765405398
Encrypted:false
SSDEEP:48:GXWM0CJUOsxXX0MLOMMMRgusuLZum+3Pw+8yFGX7Mu1LkuLS91uuHeLWv:35TW/Vf5FS7Mu1IuLium6Wv
MD5:5F6A3E42F8EB297B888B498D93437C3C
SHA1:09729D7892A1ED36AFADDEC40674ACEB62B5FA88
SHA-256:882626FA25DBC1B5903E6FD98CC8516F1E54C4E06945026653F05B38125DFF2C
SHA-512:587BB7BE57DDA7DB0BF8C454A78DD67D850342D97BC7C99A9804D53FA7929EB42C1194E13456170C0902CA7A15C028A6C635879889F0AF6A9ED833C2E046B9EC
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_LOCALE.#define _INC_LOCALE..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef NULL.#ifdef __cplusplus.#define NULL 0.#else.#define NULL ((void *)0).#endif.#endif..#define LC_ALL 0.#define LC_COLLATE 1.#define LC_CTYPE 2.#define LC_MONETARY 3.#define LC_NUMERIC 4.#define LC_TIME 5..#define LC_MIN LC_ALL.#define LC_MAX LC_TIME..#ifndef _LCONV_DEFINED.#define _LCONV_DEFINED. struct lconv {. char *decimal_point;. char *thousands_sep;. char *grouping;. char *int_curr_symbol;. char *currency_symbol;. char *mon_decimal_point;. char *mon_thousands_sep;. char *mon_grouping;. char *positive_sign;. char *negative_sign;. char int_frac_digits;. char frac_digits;. char p_cs_precedes;.
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):5214
Entropy (8bit):5.2821319558661655
Encrypted:false
SSDEEP:96:y4bSZjA6r8VdQINtNy6XVqB4/mLErYQ015U/dIuvwQRbZBq35jU:9urrSXIzGdIuvwQR9YJo
MD5:537BC027E86F7252D88B6BF2FE5B2F35
SHA1:7F3361D220F96AD1B93669254937929F267CC333
SHA-256:7307FF330B8D7954D548E19E45887ED64DE36DA5BEE1FDA2CC021F0C1C1892BD
SHA-512:3D7693F46FE1272DECBA8EFB6A01853786419055CF338CC900C9FE3EC1B795BA25E16878A5D53261BF3BC3BAB7525110B6F1844501D5FB6BE45C57B5D277F625
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _MALLOC_H_.#define _MALLOC_H_..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifndef _MM_MALLOC_H_INCLUDED.#define _MM_MALLOC_H_INCLUDED.#endif..#ifdef __cplusplus.extern "C" {.#endif..#ifdef _WIN64.#define _HEAP_MAXREQ 0xFFFFFFFFFFFFFFE0.#else.#define _HEAP_MAXREQ 0xFFFFFFE0.#endif..#ifndef _STATIC_ASSERT.#define _STATIC_ASSERT(expr) extern void __static_assert_t(int [(expr)?1:-1]).#endif../* Return codes for _heapwalk() */.#define _HEAPEMPTY (-1).#define _HEAPOK (-2).#define _HEAPBADBEGIN (-3).#define _HEAPBADNODE (-4).#define _HEAPEND (-5).#define _HEAPBADPTR (-6)../* Values for _heapinfo.useflag */.#define _FREEENTRY 0.#define _USEDENTRY 1..#ifndef _HEAPINFO_DEFINED.#define _HEAPINFO_DEFINED. /* The structure used to walk through the heap with _heapwalk.
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):23077
Entropy (8bit):5.0910424086795425
Encrypted:false
SSDEEP:384:lpwI012C9/SKSP4qROW8JuWucZBFRzWhHONMLPik9OeY:lpq2C9/FA4OOJr
MD5:631F16C4A65CF2F47FA49C9220D9C500
SHA1:330EADF08FDCB31747BF7C84182F2A5EECFA3FAB
SHA-256:0BC33882BD2AF1E7D33C38C0160E2A0AE737836815360765750CDC7E98E5DFC5
SHA-512:92EB690CA7D563269CEAEFFAC1F0FFBA6D010568431843F2DD82DCA7A1ACA0E6634C3335202ED5559FE631B0ED7C585DC1C3F5BB248FE3D571BA754B22B6AD5A
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _MATH_H_.#define _MATH_H_..#if __GNUC__ >= 3.#pragma GCC system_header.#endif..#include <_mingw.h>..struct exception;..#pragma pack(push,_CRT_PACKING)..#define _DOMAIN 1.#define _SING 2.#define _OVERFLOW 3.#define _UNDERFLOW 4.#define _TLOSS 5.#define _PLOSS 6..#ifndef __STRICT_ANSI__.#ifndef.NO_OLDNAMES.#define DOMAIN _DOMAIN.#define SING _SING.#define OVERFLOW _OVERFLOW.#define UNDERFLOW _UNDERFLOW.#define TLOSS _TLOSS.#define PLOSS _PLOSS.#endif.#endif..#ifndef __STRICT_ANSI__.#define M_E 2.71828182845904523536.#define M_LOG2E 1.44269504088896340736.#define M_LOG10E 0.434294481903251827651.#define M_LN2 0.693147180559945309417.#define M_LN10 2.30258509299404568402.#define M_PI 3.14159265358979323846.#define M_PI_2 1.57079632679489661923.#define M_PI_4 0.785398163397
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):345
Entropy (8bit):4.819819315483337
Encrypted:false
SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r7SFlLClXF1qTVSEDbA1CAAqC:UJJISFcShcFP+4B7SFRClV1qDD8CAAqC
MD5:534517144E5B9ED662526771BB5D7E13
SHA1:2D1801E4179E2A6E5914764D944A9C472BF65E99
SHA-256:43956946AEFEE50E01FDD4D54A6C597418ABCB02251F9D7695ED7039FD7A5FF6
SHA-512:533F30D3288C2B827D29210C6890D600678DB4F67B9FFAB27046E5CA3931BC119DE4AF93FFA63929DCD9D7C0BABD69A25E7F52E697272F3226ED198C93A9A8CD
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./*. * This file is part of the Mingw32 package.. *. * mem.h maps to string.h. */.#ifndef.__STRICT_ANSI__.#include <string.h>.#endif.
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):1233
Entropy (8bit):5.1075312514305296
Encrypted:false
SSDEEP:24:i2PSh0PDYqsS6s1UzFf5wNaCmwN0PK0PQvYaH2l2X:GlS6s1k5wNaRwNt95H2U
MD5:29F62B1ADD26DC1AED3FAAD03FAC030D
SHA1:6F605B9A153A987F2939AE6500D6391FDC107332
SHA-256:B4341E188913A819FA3BF101078A95CA077780219373F424C39AD86C94E04B6F
SHA-512:3D98E9F039DDA694A660BA7D2F7906FCD60016DC6A8FED78CEB7B191618318A68D34169B9480BA5727730F6BD6357A13FD02E0CDCA5439A45E06D2F0D61DABE0
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_MEMORY.#define _INC_MEMORY..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CONST_RETURN.#define _CONST_RETURN.#endif..#define _WConst_return _CONST_RETURN..#ifndef _CRT_MEMORY_DEFINED.#define _CRT_MEMORY_DEFINED. _CRTIMP void *__cdecl _memccpy(void *_Dst,const void *_Src,int _Val,size_t _MaxCount);. _CONST_RETURN void *__cdecl memchr(const void *_Buf ,int _Val,size_t _MaxCount);. _CRTIMP int __cdecl _memicmp(const void *_Buf1,const void *_Buf2,size_t _Size);. _CRTIMP int __cdecl _memicmp_l(const void *_Buf1,const void *_Buf2,size_t _Size,_locale_t _Locale);. int __cdecl memcmp(const void *_Buf1,const void *_Buf2,size_t _Size);. void *__cdecl memcpy(void *_Dst,const void *_Src,size_t _Size);. void *__cdecl memset(void *_Dst,int _Val,si
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9091
                                                                                                                                                                                                                                                                        Entropy (8bit):5.046593382105061
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_PROCESS.#define _INC_PROCESS..#include <_mingw.h>../* Includes a definition of _pid_t and pid_t */.#include <sys/types.h>..#ifndef _POSIX_.#ifdef __cplusplus.extern "C" {.#endif..#define _P_WAIT 0.#define _P_NOWAIT 1.#define _OLD_P_OVERLAY 2.#define _P_NOWAITO 3.#define _P_DETACH 4.#define _P_OVERLAY 2..#define _WAIT_CHILD 0.#define _WAIT_GRANDCHILD 1.. _CRTIMP uintptr_t __cdecl _beginthread(void (__cdecl *_StartAddress) (void *),unsigned _StackSize,void *_ArgList);. _CRTIMP void __cdecl _endthread(void);. _CRTIMP uintptr_t __cdecl _beginthreadex(void *_Security,unsigned _StackSize,unsigned (__stdcall *_StartAddress) (void *),void *_ArgList,unsigned _InitFlag,unsigned *_ThrdAddr);. _CRTIMP void __cdecl _endthreadex(unsigned _Retval);..#ifndef _CRT_TERMINATE_DE
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1535
                                                                                                                                                                                                                                                                        Entropy (8bit):5.005173947475632
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */..#ifndef _INC_CONIO_S.#define _INC_CONIO_S..#include <conio.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP errno_t __cdecl _cgets_s(char *_Buffer,size_t _Size,size_t *_SizeRead);. _CRTIMP int __cdecl _cprintf_s(const char *_Format,...);. _CRTIMP int __cdecl _cscanf_s(const char *_Format,...);. _CRTIMP int __cdecl _cscanf_s_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _vcprintf_s(const char *_Format,va_list _ArgList);. _CRTIMP int __cdecl _cprintf_s_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _vcprintf_s_l(const char *_Format,_locale_t _Locale,va_list _ArgList);..#ifndef _WCONIO_DEFINED_S.#define _WCONIO_DEFINED_S. _CRTIMP errno_t __cdecl _cgetws_s(wchar_t *_Buffer,size_t _SizeInWords,
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):461
                                                                                                                                                                                                                                                                        Entropy (8bit):5.161018019410615
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */..#ifndef _INC_CRTDBG_S.#define _INC_CRTDBG_S..#include <crtdbg.h>..#if defined(MINGW_HAS_SECURE_API)..#define _dupenv_s_dbg(ps1,size,s2,t,f,l) _dupenv_s(ps1,size,s2).#define _wdupenv_s_dbg(ps1,size,s2,t,f,l) _wdupenv_s(ps1,size,s2)..#endif..#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):881
                                                                                                                                                                                                                                                                        Entropy (8bit):5.049800224685949
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_IO_S.#define _INC_IO_S..#include <io.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP errno_t __cdecl _access_s(const char *_Filename,int _AccessMode);. _CRTIMP errno_t __cdecl _chsize_s(int _FileHandle,__int64 _Size);. _CRTIMP errno_t __cdecl _mktemp_s(char *_TemplateName,size_t _Size);. _CRTIMP errno_t __cdecl _umask_s(int _NewMode,int *_OldMode);..#ifndef _WIO_S_DEFINED.#define _WIO_S_DEFINED. _CRTIMP errno_t __cdecl _waccess_s(const wchar_t *_Filename,int _AccessMode);. _CRTIMP errno_t __cdecl _wmktemp_s(wchar_t *_TemplateName,size_t _SizeInWords);.#endif..#ifdef __cplusplus.}.#endif..#endif.#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4113
                                                                                                                                                                                                                                                                        Entropy (8bit):5.025747893872523
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STDLIB_S.#define _INC_STDLIB_S..#include <stdlib.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP errno_t __cdecl _dupenv_s(char **_PBuffer,size_t *_PBufferSizeInBytes,const char *_VarName);. _CRTIMP errno_t __cdecl _itoa_s(int _Value,char *_DstBuf,size_t _Size,int _Radix);.#if _INTEGRAL_MAX_BITS >= 64. _CRTIMP errno_t __cdecl _i64toa_s(__int64 _Val,char *_DstBuf,size_t _Size,int _Radix);. _CRTIMP errno_t __cdecl _ui64toa_s(unsigned __int64 _Val,char *_DstBuf,size_t _Size,int _Radix);.#endif. _CRTIMP errno_t __cdecl _ltoa_s(long _Val,char *_DstBuf,size_t _Size,int _Radix);. _CRTIMP errno_t __cdecl mbstowcs_s(size_t *_PtNumOfCharConverted,wchar_t *_DstBuf,size_t _SizeInWords,const char *_SrcBuf,size_t _MaxCount);. _CRTI
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1535
                                                                                                                                                                                                                                                                        Entropy (8bit):5.005173947475632
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */..#ifndef _INC_CONIO_S.#define _INC_CONIO_S..#include <conio.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP errno_t __cdecl _cgets_s(char *_Buffer,size_t _Size,size_t *_SizeRead);. _CRTIMP int __cdecl _cprintf_s(const char *_Format,...);. _CRTIMP int __cdecl _cscanf_s(const char *_Format,...);. _CRTIMP int __cdecl _cscanf_s_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _vcprintf_s(const char *_Format,va_list _ArgList);. _CRTIMP int __cdecl _cprintf_s_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _vcprintf_s_l(const char *_Format,_locale_t _Locale,va_list _ArgList);..#ifndef _WCONIO_DEFINED_S.#define _WCONIO_DEFINED_S. _CRTIMP errno_t __cdecl _cgetws_s(wchar_t *_Buffer,size_t _SizeInWords,
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):7492
                                                                                                                                                                                                                                                                        Entropy (8bit):5.001674571619953
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_WCHAR_S.#define _INC_WCHAR_S..#include <wchar.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _WIO_S_DEFINED.#define _WIO_S_DEFINED. _CRTIMP errno_t __cdecl _waccess_s(const wchar_t *_Filename,int _AccessMode);. _CRTIMP errno_t __cdecl _wmktemp_s(wchar_t *_TemplateName,size_t _SizeInWords);.#endif..#ifndef _WCONIO_S_DEFINED.#define _WCONIO_S_DEFINED. _CRTIMP errno_t __cdecl _cgetws_s(wchar_t *_Buffer,size_t _SizeInWords,size_t *_SizeRead);. _CRTIMP int __cdecl _cwprintf_s(const wchar_t *_Format,...);. _CRTIMP int __cdecl _cwscanf_s(const wchar_t *_Format,...);. _CRTIMP int __cdecl _cwscanf_s_l(const wchar_t *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _vcwprintf_s(const wchar_t *_Format,va_list _ArgList);. _C
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):11508
                                                                                                                                                                                                                                                                        Entropy (8bit):4.850439541273333
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STDIO_S.#define _INC_STDIO_S..#include <stdio.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _STDIO_S_DEFINED.#define _STDIO_S_DEFINED. _CRTIMP errno_t __cdecl clearerr_s(FILE *_File);. int __cdecl fprintf_s(FILE *_File,const char *_Format,...);. size_t __cdecl fread_s(void *_DstBuf,size_t _DstSize,size_t _ElementSize,size_t _Count,FILE *_File);. _CRTIMP int __cdecl _fscanf_s_l(FILE *_File,const char *_Format,_locale_t _Locale,...);. int __cdecl printf_s(const char *_Format,...);. _CRTIMP int __cdecl _scanf_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _scanf_s_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _snprintf_s(char *_DstBuf,size_t _DstSize,size_t _MaxCount,const char
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2331
                                                                                                                                                                                                                                                                        Entropy (8bit):5.0544392912710165
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _TIME_H__S.#define _TIME_H__S..#include <time.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP errno_t __cdecl _ctime32_s(char *_Buf,size_t _SizeInBytes,const __time32_t *_Time);. _CRTIMP errno_t __cdecl _gmtime32_s(struct tm *_Tm,const __time32_t *_Time);. _CRTIMP errno_t __cdecl _localtime32_s(struct tm *_Tm,const __time32_t *_Time);. _CRTIMP errno_t __cdecl _strdate_s(char *_Buf,size_t _SizeInBytes);. _CRTIMP errno_t __cdecl _strtime_s(char *_Buf ,size_t _SizeInBytes);.#if _INTEGRAL_MAX_BITS >= 64. _CRTIMP errno_t __cdecl _ctime64_s(char *_Buf,size_t _SizeInBytes,const __time64_t *_Time);. _CRTIMP errno_t __cdecl _gmtime64_s(struct tm *_Tm,const __time64_t *_Time);. _CRTIMP errno_t __cdecl _localtime64_s(struct tm *_Tm,
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):824
                                                                                                                                                                                                                                                                        Entropy (8bit):5.23907989533424
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef __STRALIGN_H_S_.#define __STRALIGN_H_S_..#include <stralign.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif..#if !defined(I_X86_) && defined(_WSTRING_S_DEFINED).#if defined(__cplusplus) && defined(_WConst_Return). static __inline PUWSTR ua_wcscpy_s(PUWSTR Desusertion,size_t DesusertionSize,PCUWSTR Source) {. if(WSTR_ALIGNED(Source) && WSTR_ALIGNED(Desusertion)) return (wcscpy_s((PWSTR)Desusertion,DesusertionSize,(PCWSTR)Source)==0 ? Desusertion : NULL);. return uaw_wcscpy((PCUWSTR)String,Character);. }.#endif.#endif..#ifdef __cplusplus.}.#endif.#endif.#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):461
                                                                                                                                                                                                                                                                        Entropy (8bit):5.161018019410615
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */..#ifndef _INC_CRTDBG_S.#define _INC_CRTDBG_S..#include <crtdbg.h>..#if defined(MINGW_HAS_SECURE_API)..#define _dupenv_s_dbg(ps1,size,s2,t,f,l) _dupenv_s(ps1,size,s2).#define _wdupenv_s_dbg(ps1,size,s2,t,f,l) _wdupenv_s(ps1,size,s2)..#endif..#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3615
                                                                                                                                                                                                                                                                        Entropy (8bit):4.86966174138245
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_MBSTRING_S.#define _INC_MBSTRING_S..#include <mbstring.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _MBSTRING_S_DEFINED.#define _MBSTRING_S_DEFINED. _CRTIMP errno_t __cdecl _mbscat_s(unsigned char *_Dst,size_t _DstSizeInBytes,const unsigned char *_Src);. _CRTIMP errno_t __cdecl _mbscat_s_l(unsigned char *_Dst,size_t _DstSizeInBytes,const unsigned char *_Src,_locale_t _Locale);. _CRTIMP errno_t __cdecl _mbscpy_s(unsigned char *_Dst,size_t _DstSizeInBytes,const unsigned char *_Src);. _CRTIMP errno_t __cdecl _mbscpy_s_l(unsigned char *_Dst,size_t _DstSizeInBytes,const unsigned char *_Src,_locale_t _Locale);. _CRTIMP errno_t __cdecl _mbslwr_s(unsigned char *_Str,size_t _SizeInBytes);. _CRTIMP errno_t __cdecl _mbslwr_s_l(
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):881
                                                                                                                                                                                                                                                                        Entropy (8bit):5.049800224685949
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_IO_S.#define _INC_IO_S..#include <io.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP errno_t __cdecl _access_s(const char *_Filename,int _AccessMode);. _CRTIMP errno_t __cdecl _chsize_s(int _FileHandle,__int64 _Size);. _CRTIMP errno_t __cdecl _mktemp_s(char *_TemplateName,size_t _Size);. _CRTIMP errno_t __cdecl _umask_s(int _NewMode,int *_OldMode);..#ifndef _WIO_S_DEFINED.#define _WIO_S_DEFINED. _CRTIMP errno_t __cdecl _waccess_s(const wchar_t *_Filename,int _AccessMode);. _CRTIMP errno_t __cdecl _wmktemp_s(wchar_t *_TemplateName,size_t _SizeInWords);.#endif..#ifdef __cplusplus.}.#endif..#endif.#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):796
                                                                                                                                                                                                                                                                        Entropy (8bit):5.075906205009732
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_SEARCH_S.#define _INC_SEARCH_S..#include <search.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP void *__cdecl _lfind_s(const void *_Key,const void *_Base,unsigned int *_NumOfElements,size_t _SizeOfElements,int (__cdecl *_PtFuncCompare)(void *,const void *,const void *),void *_Context);. _CRTIMP void *__cdecl _lsearch_s(const void *_Key,void *_Base,unsigned int *_NumOfElements,size_t _SizeOfElements,int (__cdecl *_PtFuncCompare)(void *,const void *,const void *),void *_Context);..#ifdef __cplusplus.}.#endif..#endif.#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1787
                                                                                                                                                                                                                                                                        Entropy (8bit):4.917564903414643
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STRING_S.#define _INC_STRING_S..#include <string.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP errno_t __cdecl _strset_s(char *_Dst,size_t _DstSize,int _Value);. _CRTIMP errno_t __cdecl _strerror_s(char *_Buf,size_t _SizeInBytes,const char *_ErrMsg);. _CRTIMP errno_t __cdecl _strlwr_s(char *_Str,size_t _Size);. _CRTIMP errno_t __cdecl _strlwr_s_l(char *_Str,size_t _Size,_locale_t _Locale);. _CRTIMP errno_t __cdecl _strnset_s(char *_Str,size_t _Size,int _Val,size_t _MaxCount);. _CRTIMP errno_t __cdecl _strupr_s(char *_Str,size_t _Size);. _CRTIMP errno_t __cdecl _strupr_s_l(char *_Str,size_t _Size,_locale_t _Locale);.#ifndef _WSTRING_S_DEFINED.#define _WSTRING_S_DEFINED. _CRTIMP wchar_t *__cdecl wcstok_s(wchar_t *_St
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):8328
                                                                                                                                                                                                                                                                        Entropy (8bit):4.549418379824187
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_TCHAR_S.#define _INC_TCHAR_S..#include <tchar.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif..#ifdef _UNICODE..#define _tprintf_s wprintf_s.#define _tprintf_s_l _wprintf_s_l.#define _tcprintf_s _cwprintf_s.#define _tcprintf_s_l _cwprintf_s_l.#define _vtcprintf_s _vcwprintf_s.#define _vtcprintf_s_l _vcwprintf_s_l.#define _ftprintf_s fwprintf_s.#define _ftprintf_s_l _fwprintf_s_l.#define _stprintf_s swprintf_s.#define _stprintf_s_l _swprintf_s_l.#define _sntprintf_s _snwprintf_s.#define _sntprintf_s_l _snwprintf_s_l.#define _vtprintf_s vwprintf_s.#define _vtprintf_s_l _vwprintf_s_l.#define _vftprintf_s vfwprintf_s.#define _vftprintf_s_l _vfwprintf_s_l.#define _vstprintf_s vswprintf_s.#define _vstprintf_s_l _vswprintf_s_l.#define _vsntp
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3615
                                                                                                                                                                                                                                                                        Entropy (8bit):4.86966174138245
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_MBSTRING_S.#define _INC_MBSTRING_S..#include <mbstring.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _MBSTRING_S_DEFINED.#define _MBSTRING_S_DEFINED. _CRTIMP errno_t __cdecl _mbscat_s(unsigned char *_Dst,size_t _DstSizeInBytes,const unsigned char *_Src);. _CRTIMP errno_t __cdecl _mbscat_s_l(unsigned char *_Dst,size_t _DstSizeInBytes,const unsigned char *_Src,_locale_t _Locale);. _CRTIMP errno_t __cdecl _mbscpy_s(unsigned char *_Dst,size_t _DstSizeInBytes,const unsigned char *_Src);. _CRTIMP errno_t __cdecl _mbscpy_s_l(unsigned char *_Dst,size_t _DstSizeInBytes,const unsigned char *_Src,_locale_t _Locale);. _CRTIMP errno_t __cdecl _mbslwr_s(unsigned char *_Str,size_t _SizeInBytes);. _CRTIMP errno_t __cdecl _mbslwr_s_l(
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):796
                                                                                                                                                                                                                                                                        Entropy (8bit):5.075906205009732
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_SEARCH_S.#define _INC_SEARCH_S..#include <search.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP void *__cdecl _lfind_s(const void *_Key,const void *_Base,unsigned int *_NumOfElements,size_t _SizeOfElements,int (__cdecl *_PtFuncCompare)(void *,const void *,const void *),void *_Context);. _CRTIMP void *__cdecl _lsearch_s(const void *_Key,void *_Base,unsigned int *_NumOfElements,size_t _SizeOfElements,int (__cdecl *_PtFuncCompare)(void *,const void *,const void *),void *_Context);..#ifdef __cplusplus.}.#endif..#endif.#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):11508
                                                                                                                                                                                                                                                                        Entropy (8bit):4.850439541273333
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STDIO_S.#define _INC_STDIO_S..#include <stdio.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _STDIO_S_DEFINED.#define _STDIO_S_DEFINED. _CRTIMP errno_t __cdecl clearerr_s(FILE *_File);. int __cdecl fprintf_s(FILE *_File,const char *_Format,...);. size_t __cdecl fread_s(void *_DstBuf,size_t _DstSize,size_t _ElementSize,size_t _Count,FILE *_File);. _CRTIMP int __cdecl _fscanf_s_l(FILE *_File,const char *_Format,_locale_t _Locale,...);. int __cdecl printf_s(const char *_Format,...);. _CRTIMP int __cdecl _scanf_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _scanf_s_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _snprintf_s(char *_DstBuf,size_t _DstSize,size_t _MaxCount,const char
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4113
                                                                                                                                                                                                                                                                        Entropy (8bit):5.025747893872523
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:1ICzd9hzhSzms1NOsG1/zl1EzQm2pppJptakhplumHNNmeN4mfNaAqk58ikTNBkm:tp9hFS6s1gsiB3fnjhTVS24Y4LN
                                                                                                                                                                                                                                                                        MD5:AE13BD6218C4840EACAC71F31C45B2BC
                                                                                                                                                                                                                                                                        SHA1:E05D796CE8F5AEAA629CA9F1E3F6D4AC154148A2
                                                                                                                                                                                                                                                                        SHA-256:8650E34BE241C7D837433126878EB6A30EE71C0B759C23671FD8F0715C7CDE65
                                                                                                                                                                                                                                                                        SHA-512:689808A64C20260F3091E94DCE6EAABF8662BA627B4DE4C43ED685390565186E69FF229CB4755E9D3BD12B5C46E16CCFD848652703572E790DF7BBAB3824FF9A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STDLIB_S.#define _INC_STDLIB_S..#include <stdlib.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP errno_t __cdecl _dupenv_s(char **_PBuffer,size_t *_PBufferSizeInBytes,const char *_VarName);. _CRTIMP errno_t __cdecl _itoa_s(int _Value,char *_DstBuf,size_t _Size,int _Radix);.#if _INTEGRAL_MAX_BITS >= 64. _CRTIMP errno_t __cdecl _i64toa_s(__int64 _Val,char *_DstBuf,size_t _Size,int _Radix);. _CRTIMP errno_t __cdecl _ui64toa_s(unsigned __int64 _Val,char *_DstBuf,size_t _Size,int _Radix);.#endif. _CRTIMP errno_t __cdecl _ltoa_s(long _Val,char *_DstBuf,size_t _Size,int _Radix);. _CRTIMP errno_t __cdecl mbstowcs_s(size_t *_PtNumOfCharConverted,wchar_t *_DstBuf,size_t _SizeInWords,const char *_SrcBuf,size_t _MaxCount);. _CRTI
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):824
                                                                                                                                                                                                                                                                        Entropy (8bit):5.23907989533424
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:i2PSh0PDbldUsxgi7ZmA10jrL8sxqpCTkTAfEjd2FL0:GENuiZmU0jrIhT9jdKA
                                                                                                                                                                                                                                                                        MD5:C46DB571CFDB29EA8F977222B4BDA152
                                                                                                                                                                                                                                                                        SHA1:727F853FE74015580AE152B7DA8E1958B19FE22B
                                                                                                                                                                                                                                                                        SHA-256:B23F0CF79D5455E232D92792E2B2BE38125A02808BC005049367BAB68DA1300B
                                                                                                                                                                                                                                                                        SHA-512:747FEFA9B6DC0B5B1DE13ACFFBECCDBD7542A1241DEE3299F584FD08D65EAE8D1814305C44FC5AD580D865CF73AE9A8072F5AD7FD5E8439DE034EE82FD789CA7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef __STRALIGN_H_S_.#define __STRALIGN_H_S_..#include <stralign.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif..#if !defined(I_X86_) && defined(_WSTRING_S_DEFINED).#if defined(__cplusplus) && defined(_WConst_Return). static __inline PUWSTR ua_wcscpy_s(PUWSTR Destination,size_t DestinationSize,PCUWSTR Source) {. if(WSTR_ALIGNED(Source) && WSTR_ALIGNED(Destination)) return (wcscpy_s((PWSTR)Destination,DestinationSize,(PCWSTR)Source)==0 ? Destination : NULL);. return uaw_wcscpy((PCUWSTR)String,Character);. }.#endif.#endif..#ifdef __cplusplus.}.#endif.#endif.#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1787
                                                                                                                                                                                                                                                                        Entropy (8bit):4.917564903414643
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:GdhfZfj5LsD61nVtwNwDmwMRTNU5bTTwNTrbTy7TZe1TGdTt8u:QZZfNLsD61V+NwDmw0hUZgNnbu71e1a9
                                                                                                                                                                                                                                                                        MD5:544899F39CA616AE07D97A2FEE8DE3D4
                                                                                                                                                                                                                                                                        SHA1:2F95831D27CC918E633E8D711087CCF7C3DA918B
                                                                                                                                                                                                                                                                        SHA-256:EEF32FB505B98A3610923E8DDB3DE724C55B44389D25CEF7CF50EE3CD14F5D68
                                                                                                                                                                                                                                                                        SHA-512:20DBF6C25FF2270402BB4EB99430B83128F66D577B7C9277CACBF8CDB5438EC58B6B1EA468499D1F48338CF4F2433A1A0E59E242F812B419C6AFC637340C86AB
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STRING_S.#define _INC_STRING_S..#include <string.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP errno_t __cdecl _strset_s(char *_Dst,size_t _DstSize,int _Value);. _CRTIMP errno_t __cdecl _strerror_s(char *_Buf,size_t _SizeInBytes,const char *_ErrMsg);. _CRTIMP errno_t __cdecl _strlwr_s(char *_Str,size_t _Size);. _CRTIMP errno_t __cdecl _strlwr_s_l(char *_Str,size_t _Size,_locale_t _Locale);. _CRTIMP errno_t __cdecl _strnset_s(char *_Str,size_t _Size,int _Val,size_t _MaxCount);. _CRTIMP errno_t __cdecl _strupr_s(char *_Str,size_t _Size);. _CRTIMP errno_t __cdecl _strupr_s_l(char *_Str,size_t _Size,_locale_t _Locale);.#ifndef _WSTRING_S_DEFINED.#define _WSTRING_S_DEFINED. _CRTIMP wchar_t *__cdecl wcstok_s(wchar_t *_St
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):653
                                                                                                                                                                                                                                                                        Entropy (8bit):5.082827078744625
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:UJJISFcShcFP+4BjksvAEfG2U17NrOmRyOmRpILKuhQziQFgu7voLKuhNzia:i2PSh0PDjkcTUhNCQR8RAj
                                                                                                                                                                                                                                                                        MD5:001FD701688E91D3781D43714B993275
                                                                                                                                                                                                                                                                        SHA1:A1825995271FE96DC766421CEDC606384CD92201
                                                                                                                                                                                                                                                                        SHA-256:D153417EC64EB7B1504749BCA6477EFD51B4B22DE670518F4FDC2701080145C0
                                                                                                                                                                                                                                                                        SHA-512:F4F4A8D796E74CB0AD2A06DD153EBAF4CD16C431FDC67B7C2FBBDC4466147593421AE0F60A620503B21DC3C05C6480CA483BD077AFB10DACA46529996B4391B6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */..#ifndef _TIMEB_H_S.#define _TIMEB_H_S..#include <sys/timeb.h>..#ifdef __cplusplus.extern "C" {.#endif..#if defined(MINGW_HAS_SECURE_API)..#ifdef _USE_32BIT_TIME_T.#define _ftime_s _ftime32_s.#else.#define _ftime_s _ftime64_s.#endif.. _CRTIMP errno_t __cdecl _ftime32_s(struct __timeb32 *_Time);.#if _INTEGRAL_MAX_BITS >= 64. _CRTIMP errno_t __cdecl _ftime64_s(struct __timeb64 *_Time);.#endif.#endif..#ifdef __cplusplus.}.#endif..#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):8328
                                                                                                                                                                                                                                                                        Entropy (8bit):4.549418379824187
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:bQGkyRvKPf4e80QgHRySdrCcNNXe1FcNNFe1d6O1yv61ycNNue1ccNNYe1e1O1e3:c11WgJ17OBBapWcEqJ
                                                                                                                                                                                                                                                                        MD5:1C3243D5951CCF4C4007E89FD366631D
                                                                                                                                                                                                                                                                        SHA1:48FE81CEA21230097C39FFC92C9B5BCAB3B4D0B1
                                                                                                                                                                                                                                                                        SHA-256:A5318CCEB241962769169C32A3CE5BFB9A075A52EDBAC31AAD33B0D7B897B544
                                                                                                                                                                                                                                                                        SHA-512:F6D25B5532745933F4320280AC21DD02CD12872639333B3AD04F4EFBBB42CFE51F5AD828F6CB2134968F5503979029AC38AD208572AD3FD298BDCC97677ECEDD
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_TCHAR_S.#define _INC_TCHAR_S..#include <tchar.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif..#ifdef _UNICODE..#define _tprintf_s wprintf_s.#define _tprintf_s_l _wprintf_s_l.#define _tcprintf_s _cwprintf_s.#define _tcprintf_s_l _cwprintf_s_l.#define _vtcprintf_s _vcwprintf_s.#define _vtcprintf_s_l _vcwprintf_s_l.#define _ftprintf_s fwprintf_s.#define _ftprintf_s_l _fwprintf_s_l.#define _stprintf_s swprintf_s.#define _stprintf_s_l _swprintf_s_l.#define _sntprintf_s _snwprintf_s.#define _sntprintf_s_l _snwprintf_s_l.#define _vtprintf_s vwprintf_s.#define _vtprintf_s_l _vwprintf_s_l.#define _vftprintf_s vfwprintf_s.#define _vftprintf_s_l _vfwprintf_s_l.#define _vstprintf_s vswprintf_s.#define _vstprintf_s_l _vswprintf_s_l.#define _vsntp
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2331
                                                                                                                                                                                                                                                                        Entropy (8bit):5.0544392912710165
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _TIME_H__S.#define _TIME_H__S..#include <time.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP errno_t __cdecl _ctime32_s(char *_Buf,size_t _SizeInBytes,const __time32_t *_Time);. _CRTIMP errno_t __cdecl _gmtime32_s(struct tm *_Tm,const __time32_t *_Time);. _CRTIMP errno_t __cdecl _localtime32_s(struct tm *_Tm,const __time32_t *_Time);. _CRTIMP errno_t __cdecl _strdate_s(char *_Buf,size_t _SizeInBytes);. _CRTIMP errno_t __cdecl _strtime_s(char *_Buf ,size_t _SizeInBytes);.#if _INTEGRAL_MAX_BITS >= 64. _CRTIMP errno_t __cdecl _ctime64_s(char *_Buf,size_t _SizeInBytes,const __time64_t *_Time);. _CRTIMP errno_t __cdecl _gmtime64_s(struct tm *_Tm,const __time64_t *_Time);. _CRTIMP errno_t __cdecl _localtime64_s(struct tm *_Tm,
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):7492
                                                                                                                                                                                                                                                                        Entropy (8bit):5.001674571619953
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_WCHAR_S.#define _INC_WCHAR_S..#include <wchar.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _WIO_S_DEFINED.#define _WIO_S_DEFINED. _CRTIMP errno_t __cdecl _waccess_s(const wchar_t *_Filename,int _AccessMode);. _CRTIMP errno_t __cdecl _wmktemp_s(wchar_t *_TemplateName,size_t _SizeInWords);.#endif..#ifndef _WCONIO_S_DEFINED.#define _WCONIO_S_DEFINED. _CRTIMP errno_t __cdecl _cgetws_s(wchar_t *_Buffer,size_t _SizeInWords,size_t *_SizeRead);. _CRTIMP int __cdecl _cwprintf_s(const wchar_t *_Format,...);. _CRTIMP int __cdecl _cwscanf_s(const wchar_t *_Format,...);. _CRTIMP int __cdecl _cwscanf_s_l(const wchar_t *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _vcwprintf_s(const wchar_t *_Format,va_list _ArgList);. _C
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3867
                                                                                                                                                                                                                                                                        Entropy (8bit):5.235190435579294
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_SETJMP.#define _INC_SETJMP..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#if (defined(_X86_) && !defined(__x86_64))..#define _JBLEN 16.#define _JBTYPE int.. typedef struct __JUMP_BUFFER {. unsigned long Ebp;. unsigned long Ebx;. unsigned long Edi;. unsigned long Esi;. unsigned long Esp;. unsigned long Eip;. unsigned long Registration;. unsigned long TryLevel;. unsigned long Cookie;. unsigned long UnwindFunc;. unsigned long UnwindData[6];. } _JUMP_BUFFER;.#elif defined(__ia64__). typedef _CRT_ALIGN(16) struct _SETJMP_FLOAT128 {. __int64 LowPart;. __int64 HighPart;. } SETJMP_FLOAT128;..#define _JBLEN 33. typedef SETJMP_FLOAT128 _JBTYPE;.. typedef struct __JUMP_BUFFER {..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):639
                                                                                                                                                                                                                                                                        Entropy (8bit):5.116570644892466
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_SHARE.#define _INC_SHARE..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#define _SH_COMPAT 0x00.#define _SH_DENYRW 0x10.#define _SH_DENYWR 0x20.#define _SH_DENYRD 0x30.#define _SH_DENYNO 0x40.#define _SH_SECURE 0x80..#ifndef.NO_OLDNAMES.#define SH_COMPAT _SH_COMPAT.#define SH_DENYRW _SH_DENYRW.#define SH_DENYWR _SH_DENYWR.#define SH_DENYRD _SH_DENYRD.#define SH_DENYNO _SH_DENYNO.#endif..#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1583
                                                                                                                                                                                                                                                                        Entropy (8bit):5.223946000134317
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_SIGNAL.#define _INC_SIGNAL..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _SIG_ATOMIC_T_DEFINED.#define _SIG_ATOMIC_T_DEFINED. typedef int sig_atomic_t;.#endif..#define NSIG 23..#define.SIGHUP.1./* hangup */.#define SIGINT 2.#define.SIGQUIT.3./* quit */.#define SIGILL 4.#define.SIGTRAP.5./* trace trap (not reset when caught) */.#define.SIGIOT.6./* IOT instruction */.#define.SIGABRT 6./* used by abort, replace SIGIOT in the future */.#define.SIGEMT.7./* EMT instruction */.#define SIGFPE 8.#define.SIGKILL.9./* kill (cannot be caught or ignored) */.#define.SIGBUS.10./* bus error */.#define SIGSEGV 11.#define.SIGSYS.12./* bad argument to system call */.#define.SIGPIPE.13./* write on a pipe with no one to read it */.#ifdef __USE_MINGW_ALARM.#def
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2494
                                                                                                                                                                                                                                                                        Entropy (8bit):4.862990168468474
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#ifndef _STDARG_H.#define _STDARG_H..#ifdef __x86_64__.#ifndef _WIN64..//This should be in sync with the declaration on our lib/libtcc1.c./* GCC compatible definition of va_list. */.typedef struct {. unsigned int gp_offset;. unsigned int fp_offset;. union {. unsigned int overflow_offset;. char *overflow_arg_area;. };. char *reg_save_area;.} __va_list_struct;..typedef __va_list_struct va_list[1];..void __va_start(__va_list_struct *ap, void *fp);.void *__va_arg(__va_list_struct *ap, int arg_type, int size, int align);..#define va_start(ap, last) __va_start(ap, __builtin_frame_address(0)).#define va_arg(ap, type) \. (*(type *)(__va_arg(ap, __builtin_va_arg_types(type), sizeof(type), __alignof__(type)))).#define va_copy(dest, src) (*(dest) = *(src)).#define va_end(ap)../* avoid conflicting definition for va_list on Macs. */.#define _VA_LIST_T..#else /* _WIN64 */.typedef char *va_list;.#define va_start(ap,last) _
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):176
                                                                                                                                                                                                                                                                        Entropy (8bit):4.607652660491414
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#ifndef _STDBOOL_H.#define _STDBOOL_H../* ISOC99 boolean */..#define bool._Bool.#define true.1.#define false.0.#define __bool_true_false_are_defined 1..#endif /* _STDBOOL_H */.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1402
                                                                                                                                                                                                                                                                        Entropy (8bit):4.8724440555000506
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#ifndef _STDDEF_H.#define _STDDEF_H..typedef __SIZE_TYPE__ size_t;.typedef __PTRDIFF_TYPE__ ssize_t;.typedef __WCHAR_TYPE__ wchar_t;.typedef __PTRDIFF_TYPE__ ptrdiff_t;.typedef __PTRDIFF_TYPE__ intptr_t;.typedef __SIZE_TYPE__ uintptr_t;..#ifndef __int8_t_defined.#define __int8_t_defined.typedef signed char int8_t;.typedef signed short int int16_t;.typedef signed int int32_t;.#ifdef __LP64__.typedef signed long int int64_t;.#else.typedef signed long long int int64_t;.#endif.typedef unsigned char uint8_t;.typedef unsigned short int uint16_t;.typedef unsigned int uint32_t;.#ifdef __LP64__.typedef unsigned long int uint64_t;.#else.typedef unsigned long long int uint64_t;.#endif.#endif..#ifndef NULL.#define NULL ((void*)0).#endif..#define offsetof(type, field) ((size_t)&((type *)0)->field)..void *alloca(size_t size);..#endif../* Older glibc require a wint_t from <stddef.h> (when requested. by __need_wint_t, as otherwise stddef.h isn't allowed to. define this type). Note that this must
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):6333
                                                                                                                                                                                                                                                                        Entropy (8bit):5.377774221268906
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./* ISO C9x 7.18 Integer types <stdint.h>. * Based on ISO/IEC SC22/WG14 9899 Committee draft (SC22 N2794). *. * THIS SOFTWARE IS NOT COPYRIGHTED. *. * Contributor: Danny Smith <danny_r_smith_2001@yahoo.co.nz>. *. * This source code is offered for use in the public domain. You may. * use, modify or distribute it freely.. *. * This code is distributed in the hope that it will be useful but. * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY. * DISCLAIMED. This includes but is not limited to warranties of. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.. *. * Date: 2000-12-02. */...#ifndef _STDINT_H.#define _STDINT_H..#include <_mingw.h>..#define __need_wint_t.#define __need_wchar_t.#include "stddef.h"..#ifndef __int8_t_defined.#define __int8_t
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):14903
                                                                                                                                                                                                                                                                        Entropy (8bit):5.137879509844942
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STDIO.#define _INC_STDIO..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#define BUFSIZ 512.#define _NFILE _NSTREAM_.#define _NSTREAM_ 512.#define _IOB_ENTRIES 20.#define EOF (-1)..#ifndef _FILE_DEFINED. struct _iobuf {. char *_ptr;. int _cnt;. char *_base;. int _flag;. int _file;. int _charbuf;. int _bufsiz;. char *_tmpfname;. };. typedef struct _iobuf FILE;.#define _FILE_DEFINED.#endif..#ifdef _POSIX_.#define _P_tmpdir "/".#define _wP_tmpdir L"/".#else.#define _P_tmpdir "\\".#define _wP_tmpdir L"\\".#endif..#define L_tmpnam (sizeof(_P_tmpdir) + 12)..#ifdef _POSIX_.#define L_ctermid 9.#define L_cuserid 32.#endif..#define SEEK_CUR 1.#define SEEK_END 2.#define SEEK_SET 0..#define STDIN_FILENO
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):20426
                                                                                                                                                                                                                                                                        Entropy (8bit):5.091356495974476
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STDLIB.#define _INC_STDLIB..#include <_mingw.h>.#include <limits.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef NULL.#ifdef __cplusplus.#define NULL 0.#else.#define NULL ((void *)0).#endif.#endif..#define EXIT_SUCCESS 0.#define EXIT_FAILURE 1..#ifndef _ONEXIT_T_DEFINED.#define _ONEXIT_T_DEFINED.. typedef int (__cdecl *_onexit_t)(void);..#ifndef NO_OLDNAMES.#define onexit_t _onexit_t.#endif.#endif..#ifndef _DIV_T_DEFINED.#define _DIV_T_DEFINED.. typedef struct _div_t {. int quot;. int rem;. } div_t;.. typedef struct _ldiv_t {. long quot;. long rem;. } ldiv_t;.#endif..#ifndef _CRT_DOUBLE_DEC.#define _CRT_DOUBLE_DEC..#pragma pack(4). typedef struct {. unsigned char ld[10];. } _LDOUBLE;.#pragma pack()..#defin
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):8590
                                                                                                                                                                                                                                                                        Entropy (8bit):4.845158903423087
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STRING.#define _INC_STRING..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _NLSCMP_DEFINED.#define _NLSCMP_DEFINED.#define _NLSCMPERROR 2147483647.#endif..#ifndef NULL.#ifdef __cplusplus.#define NULL 0.#else.#define NULL ((void *)0).#endif.#endif..#define _WConst_return _CONST_RETURN..#ifndef _CRT_MEMORY_DEFINED.#define _CRT_MEMORY_DEFINED. _CRTIMP void *__cdecl _memccpy(void *_Dst,const void *_Src,int _Val,size_t _MaxCount);. _CONST_RETURN void *__cdecl memchr(const void *_Buf ,int _Val,size_t _MaxCount);. _CRTIMP int __cdecl _memicmp(const void *_Buf1,const void *_Buf2,size_t _Size);. _CRTIMP int __cdecl _memicmp_l(const void *_Buf1,const void *_Buf2,size_t _Size,_locale_t _Locale);. int __cdecl memcmp(const void *_Buf1,const void *_Bu
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):359
                                                                                                                                                                                                                                                                        Entropy (8bit):4.783912410510983
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./*. * This file is part of the Mingw32 package.. *. * This fcntl.h maps to the root fcntl.h. */.#ifndef __STRICT_ANSI__.#include <fcntl.h>.#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):367
                                                                                                                                                                                                                                                                        Entropy (8bit):4.814423977077851
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r7SFlLClXF1n6LACqMMf1CAA9:UJJISFcShcFP+4B7SFRClV1n/pHCAA9
                                                                                                                                                                                                                                                                        MD5:DA489932C3143982E94284F464F835CD
                                                                                                                                                                                                                                                                        SHA1:78FC0CCE2B7B047712B753AF6DF40258623D2620
                                                                                                                                                                                                                                                                        SHA-256:B6E779C53140C117BC36BD335C64BFCB13AE4C2C486B94783B32149A6EB2D320
                                                                                                                                                                                                                                                                        SHA-512:02ECE23C55D9C425F2B53C4D3AAFB7CE12B15995AB276CEFA9254C37499B0735FAF43EE32B67BF6A542EEC5147294BD5C16DFE51CAEFEC6C5B1C7807A4FD5858
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./*. * This file is part of the Mingw32 package.. *. * This file.h maps to the root fcntl.h. * TODO?. */.#ifndef __STRICT_ANSI__.#include <fcntl.h>.#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):6881
                                                                                                                                                                                                                                                                        Entropy (8bit):5.0578662257513605
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:1Roa8xTSS9V89V0B9V69VP9VCJQI99wMupDGi+dpq+p:UdTSE44GPkfyDGi+Lq+p
                                                                                                                                                                                                                                                                        MD5:C03D618D6697B5E3992FEEA86A9C4CB8
                                                                                                                                                                                                                                                                        SHA1:4536CCD81AAEF11CF7480649B8B99836C8B32291
                                                                                                                                                                                                                                                                        SHA-256:4DC126AB4B3177DA85E40ED56A7D4516105E436A4624272992816B23E03915B5
                                                                                                                                                                                                                                                                        SHA-512:236235AA9B16B4CEB82C05BF526ECA702CB7D8C542F88D0BDB2416AC3BE8214688E6BA47BD253AAA877E173197035FD1EA7BF88AAE6C72C907E898182A5593C0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STAT.#define _INC_STAT..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#include <_mingw.h>.#include <io.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRTIMP.#define _CRTIMP __declspec(dllimport).#endif..#include <sys/types.h>..#ifndef __TINYC__ /* gr */.#ifdef _USE_32BIT_TIME_T.#ifdef _WIN64.#undef _USE_32BIT_TIME_T.#endif.#else.#if _INTEGRAL_MAX_BITS < 64.#define _USE_32BIT_TIME_T.#endif.#endif.#endif..#ifndef _TIME32_T_DEFINED. typedef long __time32_t;.#define _TIME32_T_DEFINED.#endif..#ifndef _TIME64_T_DEFINED.#if _INTEGRAL_MAX_BITS >= 64. typedef __int64 __time64_t;.#endif.#define _TIME64_T_DEFINED.#endif..#ifndef _TIME_T_DEFINED.#ifdef _USE_32BIT_TIME_T. typedef __time32_t time_t;.#else. typedef __tim
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1717
                                                                                                                                                                                                                                                                        Entropy (8bit):5.134085097588011
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:GIN024uIvNjYW0Q3VE9/6MLE0Rfn0AzMb:/02E18W0Q3+IclRf0nb
                                                                                                                                                                                                                                                                        MD5:D8BDDDB8A0B2E59371CE79EF056873C5
                                                                                                                                                                                                                                                                        SHA1:25F481B63F4343DCD56D2F15FE205F16BF008CB1
                                                                                                                                                                                                                                                                        SHA-256:518741F286545434DF676572E53BF8553B0496A7138942DC6B20FF252B4293E4
                                                                                                                                                                                                                                                                        SHA-512:4E009938EB6499F59022D1C2227A7E10FDE44C1CC4A38DE415B9E2C4E932E302C25845D68C6B2107CC037AB8053FE43350B2312A70130880004881E53EDB8F16
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */..#ifndef _SYS_TIME_H_.#define _SYS_TIME_H_..#include <time.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef __STRICT_ANSI__.#ifndef _TIMEVAL_DEFINED /* also in winsock[2].h */.#define _TIMEVAL_DEFINED.struct timeval {. long tv_sec;. long tv_usec;.};.#define timerisset(tvp). ((tvp)->tv_sec || (tvp)->tv_usec).#define timercmp(tvp, uvp, cmp) \. (((tvp)->tv_sec != (uvp)->tv_sec) ? \. ((tvp)->tv_sec cmp (uvp)->tv_sec) : \. ((tvp)->tv_usec cmp (uvp)->tv_usec)).#define timerclear(tvp). (tvp)->tv_sec = (tvp)->tv_usec = 0.#endif /* _TIMEVAL_DEFINED */..#ifndef _TIMEZONE_DEFINED /* also in sys/time.h */.#define _TIMEZONE_DEFINED./* Provided for compatibility with code that assumes that. the presence of gettimeofday function implies a definition. of struct timezone. */.struc
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):351
                                                                                                                                                                                                                                                                        Entropy (8bit):4.8356374612162245
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r7SFlLClXF1y19q/MqL9FPKvbf1CAARc:UJJISFcShcFP+4B7SFRClV1yoxFyvxCU
                                                                                                                                                                                                                                                                        MD5:244C135562D0B700D037299E0052A855
                                                                                                                                                                                                                                                                        SHA1:59F8A3B33C5CC8BBF95E4B57300628E7599DF682
                                                                                                                                                                                                                                                                        SHA-256:1F595A85CAEEEF7385A0BDA94AF51896B214EE26056484AF50353E9393DE1929
                                                                                                                                                                                                                                                                        SHA-512:1F5DEF177331B0E4DD86B5FC38FC9CF4F679BCA644C26C993D2A911DCF39DB452D084BF29D76430F5704E218CBCCD86D68F11D38C07B93A818EE446BA249EB53
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./*. * This file is part of the Mingw32 package.. *. * unistd.h maps (roughly) to io.h. */.#ifndef __STRICT_ANSI__.#include <io.h>.#endif..
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):648
Entropy (8bit):4.971114123290285
Encrypted:false
SSDEEP:12:UJJISFcShcFP+4BFYLiSUfmMLGe2wAdcQr+VDRwrf7AIDjBArvjUOpy:i2PSh0PD+ivmMy4CVEABYjUOpy
MD5:28BD6385B1C6AF18F7B2B2FA7F66827A
SHA1:AD01251C9D742578F2962D71A17969DA842C5A2A
SHA-256:29786145E9AF34A1F96E7368855B19E8879FC80D35A172D9BA97D3C7FC2F6311
SHA-512:04DF92A3257B4A87FC1A00C65F700C6A9F4897FF3E258FBD27A3B3AD5426A35FAA7371735F829F4DA40E622E75A8259D4022F0F54BF8F52CA5ACFD234ED75CBE
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_LOCKING.#define _INC_LOCKING..#ifndef _WIN32.#error Only Win32 target is supported!.#endif../* All the headers include this file. */.#include <_mingw.h>..#define _LK_UNLCK 0.#define _LK_LOCK 1.#define _LK_NBLCK 2.#define _LK_RLCK 3.#define _LK_NBRLCK 4..#ifndef.NO_OLDNAMES.#define LK_UNLCK _LK_UNLCK.#define LK_LOCK _LK_LOCK.#define LK_NBLCK _LK_NBLCK.#define LK_RLCK _LK_RLCK.#define LK_NBRLCK _LK_NBRLCK.#endif..#endif.
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):2128
Entropy (8bit):5.025170221794001
Encrypted:false
SSDEEP:48:G/uvbKQUIpV0OC1I/bFHb3wHbdyOkvk4QEa2K:WMKQ7V0/SFHDwHxkvkpExK
MD5:C8F3B2F1FCF386398B5F130F0599A72E
SHA1:242163A76E04F20CE4B3D5D0A959D66B978F43AD
SHA-256:F1C3F9E5C811A63BEBAE5229042C09CB5E057F4117FD31B45AACBB4C3A626DF8
SHA-512:3239360E2F810EBBB853581E01657A69BA9A56F6BBB29288011D6F842CE2C405D27A7D818C5E4809AE053481723DFA7DC37E4778EDFE6B6392884EB32804AA03
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_TYPES.#define _INC_TYPES..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#include <_mingw.h>..#ifndef __TINYC__ /* gr */.#ifdef _USE_32BIT_TIME_T.#ifdef _WIN64.#undef _USE_32BIT_TIME_T.#endif.#else.#if _INTEGRAL_MAX_BITS < 64.#define _USE_32BIT_TIME_T.#endif.#endif.#endif..#ifndef _TIME32_T_DEFINED.#define _TIME32_T_DEFINED.typedef long __time32_t;.#endif..#ifndef _TIME64_T_DEFINED.#define _TIME64_T_DEFINED.#if _INTEGRAL_MAX_BITS >= 64.typedef __int64 __time64_t;.#endif.#endif..#ifndef _TIME_T_DEFINED.#define _TIME_T_DEFINED.#ifdef _USE_32BIT_TIME_T.typedef __time32_t time_t;.#else.typedef __time64_t time_t;.#endif.#endif..#ifndef _INO_T_DEFINED.#define _INO_T_DEFINED.typedef unsigned short _ino_t;.#ifndef.NO_OLDNAMES.typedef unsigned short ino_t;.#
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):3429
Entropy (8bit):5.0927661539295
Encrypted:false
SSDEEP:96:0AqQeDbkF8080FQrkLt17kciYcTh6Wkcakc/Dk3Ih67k3R:0AVebbrShi1THhahrIIYIR
MD5:0FD455848E3B07648883FF0C890BA3B6
SHA1:22430C3CA7A2FABF95297BA72CA5FB175E37E996
SHA-256:524312E3E8A325F7D5AFC21DDB8FCBCEB85D451175E07EF1BEADB7F82FA368B3
SHA-512:53ADBB9316B7AD49BEF5018E3C32C10272A2D4A5CCF9A91D818D48C94C4DC4650ACC2AD462C2154E010E666B762B0B7F57BAD1A471830A0C5BB7422AFC62F840
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_UTIME.#define _INC_UTIME..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRTIMP.#define _CRTIMP __declspec(dllimport).#endif..#ifndef _WCHAR_T_DEFINED. typedef unsigned short wchar_t;.#define _WCHAR_T_DEFINED.#endif..#ifndef __TINYC__ /* gr */.#ifdef _USE_32BIT_TIME_T.#ifdef _WIN64.#undef _USE_32BIT_TIME_T.#endif.#else.#if _INTEGRAL_MAX_BITS < 64.#define _USE_32BIT_TIME_T.#endif.#endif.#endif..#ifndef _TIME32_T_DEFINED.#define _TIME32_T_DEFINED. typedef long __time32_t;.#endif..#ifndef _TIME64_T_DEFINED.#define _TIME64_T_DEFINED.#if _INTEGRAL_MAX_BITS >= 64. typedef __int64 __time64_t;.#endif.#endif..#ifndef _TIME_T_DEFINED.#define _TIME_T_DEFIN
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):2445
Entropy (8bit):5.105161608995923
Encrypted:false
SSDEEP:48:GicuvBGmZ86+8nEGLEGzhlEG5/+Okvk4QEa2Mqh6CJ:srmZca/L/zf/5/AvkpExMqh6CJ
MD5:19E8A20458A7627517AD83C0BE798773
SHA1:FB12989D8B6B899F89F10E39559A46D79ADDEC65
SHA-256:EF43F9F51660AB8282707F7169CC3D977878E623743D23EC565663FE2B4E9782
SHA-512:4C21638910D0C87097E2FFC7B28B1011601E7B187297F9B9C2C3DB52596F84A0CFE089EF172A0DCDA0DCBE0B5B5DC94F36401A233CF7B903520C98B826A769DD
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _TIMEB_H_.#define _TIMEB_H_..#include <_mingw.h>..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRTIMP.#define _CRTIMP __declspec(dllimport).#endif..#ifndef __TINYC__ /* gr */.#ifdef _USE_32BIT_TIME_T.#ifdef _WIN64.#undef _USE_32BIT_TIME_T.#endif.#else.#if _INTEGRAL_MAX_BITS < 64.#define _USE_32BIT_TIME_T.#endif.#endif.#endif..#ifndef _TIME32_T_DEFINED. typedef long __time32_t;.#define _TIME32_T_DEFINED.#endif..#ifndef _TIME64_T_DEFINED.#if _INTEGRAL_MAX_BITS >= 64. typedef __int64 __time64_t;.#endif.#define _TIME64_T_DEFINED.#endif..#ifndef _TIME_T_DEFINED.#ifdef _USE_32BIT_TIME_T. typedef __time32_t time_t;.#else. typedef __time64_t time_t;.#endif.#define _TIME_T_DEF
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):648
Entropy (8bit):4.971114123290285
Encrypted:false
SSDEEP:12:UJJISFcShcFP+4BFYLiSUfmMLGe2wAdcQr+VDRwrf7AIDjBArvjUOpy:i2PSh0PD+ivmMy4CVEABYjUOpy
MD5:28BD6385B1C6AF18F7B2B2FA7F66827A
SHA1:AD01251C9D742578F2962D71A17969DA842C5A2A
SHA-256:29786145E9AF34A1F96E7368855B19E8879FC80D35A172D9BA97D3C7FC2F6311
SHA-512:04DF92A3257B4A87FC1A00C65F700C6A9F4897FF3E258FBD27A3B3AD5426A35FAA7371735F829F4DA40E622E75A8259D4022F0F54BF8F52CA5ACFD234ED75CBE
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_LOCKING.#define _INC_LOCKING..#ifndef _WIN32.#error Only Win32 target is supported!.#endif../* All the headers include this file. */.#include <_mingw.h>..#define _LK_UNLCK 0.#define _LK_LOCK 1.#define _LK_NBLCK 2.#define _LK_RLCK 3.#define _LK_NBRLCK 4..#ifndef.NO_OLDNAMES.#define LK_UNLCK _LK_UNLCK.#define LK_LOCK _LK_LOCK.#define LK_NBLCK _LK_NBLCK.#define LK_RLCK _LK_RLCK.#define LK_NBRLCK _LK_NBRLCK.#endif..#endif.
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):6881
Entropy (8bit):5.0578662257513605
Encrypted:false
SSDEEP:192:1Roa8xTSS9V89V0B9V69VP9VCJQI99wMupDGi+dpq+p:UdTSE44GPkfyDGi+Lq+p
MD5:C03D618D6697B5E3992FEEA86A9C4CB8
SHA1:4536CCD81AAEF11CF7480649B8B99836C8B32291
SHA-256:4DC126AB4B3177DA85E40ED56A7D4516105E436A4624272992816B23E03915B5
SHA-512:236235AA9B16B4CEB82C05BF526ECA702CB7D8C542F88D0BDB2416AC3BE8214688E6BA47BD253AAA877E173197035FD1EA7BF88AAE6C72C907E898182A5593C0
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STAT.#define _INC_STAT..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#include <_mingw.h>.#include <io.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRTIMP.#define _CRTIMP __declspec(dllimport).#endif..#include <sys/types.h>..#ifndef __TINYC__ /* gr */.#ifdef _USE_32BIT_TIME_T.#ifdef _WIN64.#undef _USE_32BIT_TIME_T.#endif.#else.#if _INTEGRAL_MAX_BITS < 64.#define _USE_32BIT_TIME_T.#endif.#endif.#endif..#ifndef _TIME32_T_DEFINED. typedef long __time32_t;.#define _TIME32_T_DEFINED.#endif..#ifndef _TIME64_T_DEFINED.#if _INTEGRAL_MAX_BITS >= 64. typedef __int64 __time64_t;.#endif.#define _TIME64_T_DEFINED.#endif..#ifndef _TIME_T_DEFINED.#ifdef _USE_32BIT_TIME_T. typedef __time32_t time_t;.#else. typedef __tim
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):1717
Entropy (8bit):5.134085097588011
Encrypted:false
SSDEEP:48:GIN024uIvNjYW0Q3VE9/6MLE0Rfn0AzMb:/02E18W0Q3+IclRf0nb
MD5:D8BDDDB8A0B2E59371CE79EF056873C5
SHA1:25F481B63F4343DCD56D2F15FE205F16BF008CB1
SHA-256:518741F286545434DF676572E53BF8553B0496A7138942DC6B20FF252B4293E4
SHA-512:4E009938EB6499F59022D1C2227A7E10FDE44C1CC4A38DE415B9E2C4E932E302C25845D68C6B2107CC037AB8053FE43350B2312A70130880004881E53EDB8F16
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */..#ifndef _SYS_TIME_H_.#define _SYS_TIME_H_..#include <time.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef __STRICT_ANSI__.#ifndef _TIMEVAL_DEFINED /* also in winsock[2].h */.#define _TIMEVAL_DEFINED.struct timeval {. long tv_sec;. long tv_usec;.};.#define timerisset(tvp). ((tvp)->tv_sec || (tvp)->tv_usec).#define timercmp(tvp, uvp, cmp) \. (((tvp)->tv_sec != (uvp)->tv_sec) ? \. ((tvp)->tv_sec cmp (uvp)->tv_sec) : \. ((tvp)->tv_usec cmp (uvp)->tv_usec)).#define timerclear(tvp). (tvp)->tv_sec = (tvp)->tv_usec = 0.#endif /* _TIMEVAL_DEFINED */..#ifndef _TIMEZONE_DEFINED /* also in sys/time.h */.#define _TIMEZONE_DEFINED./* Provided for compatibility with code that assumes that. the presence of gettimeofday function implies a definition. of struct timezone. */.struc
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):2445
Entropy (8bit):5.105161608995923
Encrypted:false
SSDEEP:48:GicuvBGmZ86+8nEGLEGzhlEG5/+Okvk4QEa2Mqh6CJ:srmZca/L/zf/5/AvkpExMqh6CJ
MD5:19E8A20458A7627517AD83C0BE798773
SHA1:FB12989D8B6B899F89F10E39559A46D79ADDEC65
SHA-256:EF43F9F51660AB8282707F7169CC3D977878E623743D23EC565663FE2B4E9782
SHA-512:4C21638910D0C87097E2FFC7B28B1011601E7B187297F9B9C2C3DB52596F84A0CFE089EF172A0DCDA0DCBE0B5B5DC94F36401A233CF7B903520C98B826A769DD
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _TIMEB_H_.#define _TIMEB_H_..#include <_mingw.h>..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRTIMP.#define _CRTIMP __declspec(dllimport).#endif..#ifndef __TINYC__ /* gr */.#ifdef _USE_32BIT_TIME_T.#ifdef _WIN64.#undef _USE_32BIT_TIME_T.#endif.#else.#if _INTEGRAL_MAX_BITS < 64.#define _USE_32BIT_TIME_T.#endif.#endif.#endif..#ifndef _TIME32_T_DEFINED. typedef long __time32_t;.#define _TIME32_T_DEFINED.#endif..#ifndef _TIME64_T_DEFINED.#if _INTEGRAL_MAX_BITS >= 64. typedef __int64 __time64_t;.#endif.#define _TIME64_T_DEFINED.#endif..#ifndef _TIME_T_DEFINED.#ifdef _USE_32BIT_TIME_T. typedef __time32_t time_t;.#else. typedef __time64_t time_t;.#endif.#define _TIME_T_DEF
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):2128
Entropy (8bit):5.025170221794001
Encrypted:false
SSDEEP:48:G/uvbKQUIpV0OC1I/bFHb3wHbdyOkvk4QEa2K:WMKQ7V0/SFHDwHxkvkpExK
MD5:C8F3B2F1FCF386398B5F130F0599A72E
SHA1:242163A76E04F20CE4B3D5D0A959D66B978F43AD
SHA-256:F1C3F9E5C811A63BEBAE5229042C09CB5E057F4117FD31B45AACBB4C3A626DF8
SHA-512:3239360E2F810EBBB853581E01657A69BA9A56F6BBB29288011D6F842CE2C405D27A7D818C5E4809AE053481723DFA7DC37E4778EDFE6B6392884EB32804AA03
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_TYPES.#define _INC_TYPES..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#include <_mingw.h>..#ifndef __TINYC__ /* gr */.#ifdef _USE_32BIT_TIME_T.#ifdef _WIN64.#undef _USE_32BIT_TIME_T.#endif.#else.#if _INTEGRAL_MAX_BITS < 64.#define _USE_32BIT_TIME_T.#endif.#endif.#endif..#ifndef _TIME32_T_DEFINED.#define _TIME32_T_DEFINED.typedef long __time32_t;.#endif..#ifndef _TIME64_T_DEFINED.#define _TIME64_T_DEFINED.#if _INTEGRAL_MAX_BITS >= 64.typedef __int64 __time64_t;.#endif.#endif..#ifndef _TIME_T_DEFINED.#define _TIME_T_DEFINED.#ifdef _USE_32BIT_TIME_T.typedef __time32_t time_t;.#else.typedef __time64_t time_t;.#endif.#endif..#ifndef _INO_T_DEFINED.#define _INO_T_DEFINED.typedef unsigned short _ino_t;.#ifndef.NO_OLDNAMES.typedef unsigned short ino_t;.#
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):351
Entropy (8bit):4.8356374612162245
Encrypted:false
SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r7SFlLClXF1y19q/MqL9FPKvbf1CAARc:UJJISFcShcFP+4B7SFRClV1yoxFyvxCU
MD5:244C135562D0B700D037299E0052A855
SHA1:59F8A3B33C5CC8BBF95E4B57300628E7599DF682
SHA-256:1F595A85CAEEEF7385A0BDA94AF51896B214EE26056484AF50353E9393DE1929
SHA-512:1F5DEF177331B0E4DD86B5FC38FC9CF4F679BCA644C26C993D2A911DCF39DB452D084BF29D76430F5704E218CBCCD86D68F11D38C07B93A818EE446BA249EB53
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./*. * This file is part of the Mingw32 package.. *. * unistd.h maps (roughly) to io.h. */.#ifndef __STRICT_ANSI__.#include <io.h>.#endif..
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):3429
Entropy (8bit):5.0927661539295
Encrypted:false
SSDEEP:96:0AqQeDbkF8080FQrkLt17kciYcTh6Wkcakc/Dk3Ih67k3R:0AVebbrShi1THhahrIIYIR
MD5:0FD455848E3B07648883FF0C890BA3B6
SHA1:22430C3CA7A2FABF95297BA72CA5FB175E37E996
SHA-256:524312E3E8A325F7D5AFC21DDB8FCBCEB85D451175E07EF1BEADB7F82FA368B3
SHA-512:53ADBB9316B7AD49BEF5018E3C32C10272A2D4A5CCF9A91D818D48C94C4DC4650ACC2AD462C2154E010E666B762B0B7F57BAD1A471830A0C5BB7422AFC62F840
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_UTIME.#define _INC_UTIME..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRTIMP.#define _CRTIMP __declspec(dllimport).#endif..#ifndef _WCHAR_T_DEFINED. typedef unsigned short wchar_t;.#define _WCHAR_T_DEFINED.#endif..#ifndef __TINYC__ /* gr */.#ifdef _USE_32BIT_TIME_T.#ifdef _WIN64.#undef _USE_32BIT_TIME_T.#endif.#else.#if _INTEGRAL_MAX_BITS < 64.#define _USE_32BIT_TIME_T.#endif.#endif.#endif..#ifndef _TIME32_T_DEFINED.#define _TIME32_T_DEFINED. typedef long __time32_t;.#endif..#ifndef _TIME64_T_DEFINED.#define _TIME64_T_DEFINED.#if _INTEGRAL_MAX_BITS >= 64. typedef __int64 __time64_t;.#endif.#endif..#ifndef _TIME_T_DEFINED.#define _TIME_T_DEFIN
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, Unicode text, UTF-8 text
Category:dropped
Size (bytes):5780
Entropy (8bit):5.046971371476785
Encrypted:false
SSDEEP:96:jlnbfJdTPPut0CQHXOiNZIZvYx6G5Pcz3mZqZ9VZ59uxS34n3C3:NfJdSbQHXVNiVYx6G5Y3UO9VFuxS34A
MD5:7166D4B47303E4DC38EBEAE8B204075F
SHA1:FA0341B00479D682C8A398E8EC1C6D4D7FC2D05A
SHA-256:758E0585EDFBCE44BF27E0BB44D9B22AF53B86C9C265E4303DF9B270194ED4FF
SHA-512:4A4DF260266B6F17DA29E71254969DBE377CC11BADE3513BAB1F3B767CE049C9BBE1B0656263763BFB5D10C9D325B425364F000BAA4342572556716B857E796D
Malicious:false
Reputation:unknown
Preview:#ifndef _TCC_LIBM_H_.#define _TCC_LIBM_H_..#include "../math.h"../* TCC uses 8 bytes for double and long double, so effectively the l variants. * are never used. For now, they just run the normal (double) variant.. */../*. * most of the code in this file is taken from MUSL rs-1.0 (MIT license). * - musl-libc: http://git.musl-libc.org/cgit/musl/tree/src/math?h=rs-1.0. * - License: http://git.musl-libc.org/cgit/musl/tree/COPYRIGHT?h=rs-1.0. */../*******************************************************************************. Start of code based on MUSL.*******************************************************************************/./*.musl as a whole is licensed under the following standard MIT license:..----------------------------------------------------------------------.Copyright . 2005-2014 Rich Felker, et al...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, Unicode text, UTF-8 text
Category:dropped
Size (bytes):5780
Entropy (8bit):5.046971371476785
Encrypted:false
SSDEEP:96:jlnbfJdTPPut0CQHXOiNZIZvYx6G5Pcz3mZqZ9VZ59uxS34n3C3:NfJdSbQHXVNiVYx6G5Y3UO9VFuxS34A
MD5:7166D4B47303E4DC38EBEAE8B204075F
SHA1:FA0341B00479D682C8A398E8EC1C6D4D7FC2D05A
SHA-256:758E0585EDFBCE44BF27E0BB44D9B22AF53B86C9C265E4303DF9B270194ED4FF
SHA-512:4A4DF260266B6F17DA29E71254969DBE377CC11BADE3513BAB1F3B767CE049C9BBE1B0656263763BFB5D10C9D325B425364F000BAA4342572556716B857E796D
Malicious:false
Reputation:unknown
Preview:#ifndef _TCC_LIBM_H_.#define _TCC_LIBM_H_..#include "../math.h"../* TCC uses 8 bytes for double and long double, so effectively the l variants. * are never used. For now, they just run the normal (double) variant.. */../*. * most of the code in this file is taken from MUSL rs-1.0 (MIT license). * - musl-libc: http://git.musl-libc.org/cgit/musl/tree/src/math?h=rs-1.0. * - License: http://git.musl-libc.org/cgit/musl/tree/COPYRIGHT?h=rs-1.0. */../*******************************************************************************. Start of code based on MUSL.*******************************************************************************/./*.musl as a whole is licensed under the following standard MIT license:..----------------------------------------------------------------------.Copyright . 2005-2014 Rich Felker, et al...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):10222
                                                                                                                                                                                                                                                                        Entropy (8bit):5.118611530215232
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/* tccdefs.h.... Nothing is defined before this file except target machine, target os.. and the few things related to option settings in tccpp.c:tcc_predefs()..... This file is either included at runtime as is, or converted and.. included as C-strings at compile-time (depending on CONFIG_TCC_PREDEFS)..... Note that line indent matters:.... - in lines starting at column 1, platform macros are replaced by.. corresponding TCC target compile-time macros. See conftest.c for.. the list of platform macros supported in lines starting at column 1..... - only lines indented >= 4 are actually included into the executable,.. check tccdefs_.h...*/....#if __SIZEOF_POINTER__ == 4.. /* 32bit systems. */..#if defined TARGETOS_OpenBSD.. #define __SIZE_TYPE__ unsigned long.. #define __PTRDIFF_TYPE__ long..#else.. #define __SIZE_TYPE__ unsigned int.. #define __PTRDIFF_TYPE__ int..#endif.. #define __ILP32__ 1.. #define __INT64_TYPE__ long long..#el
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):31364
                                                                                                                                                                                                                                                                        Entropy (8bit):4.752286291497649
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#include <_mingw.h>..#ifndef _INC_TCHAR.#define _INC_TCHAR..#ifdef _STRSAFE_H_INCLUDED_.#error Need to include strsafe.h after tchar.h.#endif..#ifdef __cplusplus.extern "C" {.#endif..#define _ftcscat _tcscat.#define _ftcschr _tcschr.#define _ftcscpy _tcscpy.#define _ftcscspn _tcscspn.#define _ftcslen _tcslen.#define _ftcsncat _tcsncat.#define _ftcsncpy _tcsncpy.#define _ftcspbrk _tcspbrk.#define _ftcsrchr _tcsrchr.#define _ftcsspn _tcsspn.#define _ftcsstr _tcsstr.#define _ftcstok _tcstok..#define _ftcsdup _tcsdup.#define _ftcsnset _tcsnset.#define _ftcsrev _tcsrev.#define _ftcsset _tcsset..#define _ftcscmp _tcscmp.#define _ftcsicmp _tcsicmp.#define _ftcsnccmp _tcsnccmp.#define _ftcsncmp _tcsncmp.#define _ftcsncicmp _tcsncicmp.#define _ftcsnicmp _tcsnicmp..#define _ftcscoll _tc
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):8405
                                                                                                                                                                                                                                                                        Entropy (8bit):5.100723832842219
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _TIME_H_.#define _TIME_H_..#include <_mingw.h>..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRTIMP.#define _CRTIMP __declspec(dllimport).#endif..#ifndef _WCHAR_T_DEFINED.#define _WCHAR_T_DEFINED. typedef unsigned short wchar_t;.#endif..#ifndef _TIME32_T_DEFINED.#define _TIME32_T_DEFINED. typedef long __time32_t;.#endif..#ifndef _TIME64_T_DEFINED.#define _TIME64_T_DEFINED.#if _INTEGRAL_MAX_BITS >= 64.#if defined(__GNUC__) && defined(__STRICT_ANSI__). typedef int _time64_t __attribute__ ((mode (DI)));.#else. typedef __int64 __time64_t;.#endif.#endif.#endif..#ifndef _TIME_T_DEFINED.#define _TIME_T_DEFINED.#ifdef _USE_32BIT_TIME_T. typedef __time32_t time_t;.#else. typ
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):304
                                                                                                                                                                                                                                                                        Entropy (8bit):4.976431807239841
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_VADEFS.#define _INC_VADEFS..//!__TINYC__: GNUC specific stuff removed..#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):126
                                                                                                                                                                                                                                                                        Entropy (8bit):4.580595223579644
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/*. * TODO: Nothing here yet. Should provide UNIX compatibility constants. * comparable to those in limits.h and float.h.. */.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):355
                                                                                                                                                                                                                                                                        Entropy (8bit):4.9174278150037285
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _VARARGS_H.#define _VARARGS_H..#error "TinyCC no longer implements <varargs.h>.".#error "Revise your code to use <stdarg.h>."..#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):34132
                                                                                                                                                                                                                                                                        Entropy (8bit):5.065285191271868
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:2186Orc7LIJ8SNgVx6eG17k8MGOHlE4eGP0+aILsGQ86jWIwF2iiEYbS:2IcE8SNgVx61JC6jry2E
                                                                                                                                                                                                                                                                        MD5:D6B25F8E3068967751493431B36C4248
                                                                                                                                                                                                                                                                        SHA1:3145ED71F286525D1FF492AE920B30694123259E
                                                                                                                                                                                                                                                                        SHA-256:C9BF12E02A2AB0783ED1C66DFE43DE43C402B33906CADA9B1157502A82C7C3E4
                                                                                                                                                                                                                                                                        SHA-512:02A480389CECC909978130585609F57D03728726E72E5FEE89874ACCA4122D971D74FC615949F8675513EDCFE3198201AD0118F795B147C6FCA10D28E8856645
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_WCHAR.#define _INC_WCHAR..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WCHAR_MIN /* also at stdint.h */.#define WCHAR_MIN 0.#define WCHAR_MAX ((wchar_t) -1) /* UINT16_MAX */.#endif..#ifndef __GNUC_VA_LIST.#define __GNUC_VA_LIST. typedef __builtin_va_list __gnuc_va_list;.#endif..#ifndef _VA_LIST_DEFINED.#define _VA_LIST_DEFINED. typedef __gnuc_va_list va_list;.#endif..#ifndef WEOF.#define WEOF (wint_t)(0xFFFF).#endif..#ifndef _FILE_DEFINED. struct _iobuf {. char *_ptr;. int _cnt;. char *_base;. int _flag;. int _file;. int _charbuf;. int _bufsiz;. char *_tmpfname;. };. typedef struct _iobuf FILE;.#define _FILE_DEFINED.#endif..#ifndef _STDIO_DEFINED.#ifdef _WIN64. _CRTIMP FILE *__
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4782
                                                                                                                                                                                                                                                                        Entropy (8bit):5.146949090032166
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:4+KnaNsLsNwnSTOXNXgXXXVX+1XPXmXIX6QXJX9XZXdwUSv:4+KA6O6XNXgXXXVXkXPXmXIXfXJX9XZK
                                                                                                                                                                                                                                                                        MD5:C238CFA11A44926BECD364AB35BFC821
                                                                                                                                                                                                                                                                        SHA1:54D68B8EF71D277BD5173E0AAC794D6EBDB00360
                                                                                                                                                                                                                                                                        SHA-256:E12D9C5BCBE4DFB96EA6C75410EA287917B3C24BFF9CD2E716D35E00C1D4906C
                                                                                                                                                                                                                                                                        SHA-512:C64F6A3B18D84C8498A2270E7152C4001D6D7EE1ACD04169F616A7808A05A02F34E2876BA0CB8D979AE75752109B50A65A66207C86FE936402BDA39AC93833C0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_WCTYPE.#define _INC_WCTYPE..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRTIMP.#define _CRTIMP __declspec(dllimport).#endif..#ifndef _WCHAR_T_DEFINED. typedef unsigned short wchar_t;.#define _WCHAR_T_DEFINED.#endif..#ifndef _WCTYPE_T_DEFINED. typedef unsigned short wint_t;. typedef unsigned short wctype_t;.#define _WCTYPE_T_DEFINED.#endif..#ifndef WEOF.#define WEOF (wint_t)(0xFFFF).#endif..#ifndef _CRT_CTYPEDATA_DEFINED.#define _CRT_CTYPEDATA_DEFINED.#ifndef _CTYPE_DISABLE_MACROS..#ifndef __PCTYPE_FUNC.#define __PCTYPE_FUNC __pctype_func().#ifdef _MSVCRT_.#define __pctype_func() (_pctype).#else.#define __pctype_func() (*_imp___pctype).#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):5614
                                                                                                                                                                                                                                                                        Entropy (8bit):5.234194137175846
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:xOYJhN+GRWlYdGmc0/5ZLURGFVwae+NmZLaVkGMGMRRMhHmdd7sAKGU1LRlw+4i7:xO8hIGRWl6Gmc0hw8Vre+NmcVk5rSHIQ
                                                                                                                                                                                                                                                                        MD5:4BF8483CA6A55237B88B3FB04917C9B4
                                                                                                                                                                                                                                                                        SHA1:1D5A57A8AF15FF88521335970F6C547EB2BDA403
                                                                                                                                                                                                                                                                        SHA-256:5C9CBAA16ABF57400ED31B49AAB7EE015788DBE7D3B58F3D53C86DB3807DD6F0
                                                                                                                                                                                                                                                                        SHA-512:7C4E012EF32A9529A0FA648320796D2ABB287C3C37F22D2CFEFE62FD0851CF68B5D373316AD70B51D09F0D0F1F48843A5D6E430C12367B5363648EEFF1160466
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _BASETSD_H_.#define _BASETSD_H_..#if (defined(__x86_64) || defined(__ia64__)) && !defined(RC_INVOKED).typedef unsigned __int64 POINTER_64_INT;.#else.typedef unsigned long POINTER_64_INT;.#endif..#define POINTER_32.#define POINTER_64.#define FIRMWARE_PTR..#ifdef __cplusplus.extern "C" {.#endif.. typedef signed char INT8,*PINT8;. typedef signed short INT16,*PINT16;. typedef signed int INT32,*PINT32;. typedef signed __int64 INT64,*PINT64;. typedef unsigned char UINT8,*PUINT8;. typedef unsigned short UINT16,*PUINT16;. typedef unsigned int UINT32,*PUINT32;. typedef unsigned __int64 UINT64,*PUINT64;. typedef signed int LONG32,*PLONG32;. typedef unsigned int ULONG32,*PULONG32;. typedef unsigned int DWORD32,*PDWORD32;..#ifndef _W64.#define _W64.#endif..#ifdef _WIN64
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2413
                                                                                                                                                                                                                                                                        Entropy (8bit):5.267985342570529
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:G+qAaBjES2EZs96PiYkAahW4h+gt/04hOgldUOkke:TqAuEThH3Vy
                                                                                                                                                                                                                                                                        MD5:09DFC50C697476FDC240969717C514CE
                                                                                                                                                                                                                                                                        SHA1:C9D444C897A96A4B475379C7C6B826FDF2DFF2E5
                                                                                                                                                                                                                                                                        SHA-256:34842EE3389CB13A72A2B87EC930AADBFFCE8906EB31480180CFF541C7F44134
                                                                                                                                                                                                                                                                        SHA-512:DE3E258D4DF8E046A131110FADAC12572CA14A7359F1C44C41DEBC7E8F1424A93BEC6300E3CA21BEEB55FF4B3AB572F0B3059D9399C89CFF27D154DCC90238F7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !defined(_BASETYPS_H_).#define _BASETYPS_H_..#ifdef __cplusplus.#define EXTERN_C extern "C".#else.#define EXTERN_C extern.#endif..#define STDMETHODCALLTYPE WINAPI.#define STDMETHODVCALLTYPE __cdecl..#define STDAPICALLTYPE WINAPI.#define STDAPIVCALLTYPE __cdecl..#define STDAPI EXTERN_C HRESULT WINAPI.#define STDAPI_(type) EXTERN_C type WINAPI..#define STDMETHODIMP HRESULT WINAPI.#define STDMETHODIMP_(type) type WINAPI..#define STDAPIV EXTERN_C HRESULT STDAPIVCALLTYPE.#define STDAPIV_(type) EXTERN_C type STDAPIVCALLTYPE..#define STDMETHODIMPV HRESULT STDMETHODVCALLTYPE.#define STDMETHODIMPV_(type) type STDMETHODVCALLTYPE..#if defined(__cplusplus) && !defined(CINTERFACE)..#define __STRUCT__ struct.#define STDMETHOD(method) virtual HRESULT WINAPI method.#define STDMETHOD_(type
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4165
                                                                                                                                                                                                                                                                        Entropy (8bit):5.37405161812663
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:lVeZAP1SQySDz25/rPjEgE+2VPYFjrQUnL:lVe01S9kNcH
                                                                                                                                                                                                                                                                        MD5:D65FFFB282C1F60CCBFC4DCF1410BE1F
                                                                                                                                                                                                                                                                        SHA1:2BE8BADB6C6FB0DB0B023BFBC7B6842E0AB73A8F
                                                                                                                                                                                                                                                                        SHA-256:7DB1B1FE46513F578A3C777C3CE300D8403D31FBFB6D00EACFF93286D2ED1293
                                                                                                                                                                                                                                                                        SHA-512:E7F9554980671DCB14C62FF462AE34961C01E0DD1AFA9F8E010370B0941E22BA619ABEA98DCE090762888A1E485586BAAA0917167FF6373C8309374EBCE8054F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef GUID_DEFINED.#define GUID_DEFINED.typedef struct _GUID {. unsigned long Data1;. unsigned short Data2;. unsigned short Data3;. unsigned char Data4[8 ];.} GUID;.#endif..#ifndef UUID_DEFINED.#define UUID_DEFINED.typedef GUID UUID;.#endif..#ifndef FAR.#define FAR.#endif..#ifndef DECLSPEC_SELECTANY.#define DECLSPEC_SELECTANY __declspec(selectany).#endif..#ifndef EXTERN_C.#ifdef __cplusplus.#define EXTERN_C extern "C".#else.#define EXTERN_C extern.#endif.#endif..#ifdef DEFINE_GUID.#undef DEFINE_GUID.#endif..#ifdef INITGUID.#ifdef __cplusplus.#define DEFINE_GUID(name,l,w1,w2,b1,b2,b3,b4,b5,b6,b7,b8) EXTERN_C const GUID DECLSPEC_SELECTANY name = { l,w1,w2,{ b1,b2,b3,b4,b5,b6,b7,b8 } }.#else.#define DEFINE_GUID(name,l,w1,w2,b1,b2,b3,b4,b5,b6,b7,b8) const GUID DECLSPEC_SELEC
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):5614
                                                                                                                                                                                                                                                                        Entropy (8bit):5.234194137175846
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:xOYJhN+GRWlYdGmc0/5ZLURGFVwae+NmZLaVkGMGMRRMhHmdd7sAKGU1LRlw+4i7:xO8hIGRWl6Gmc0hw8Vre+NmcVk5rSHIQ
                                                                                                                                                                                                                                                                        MD5:4BF8483CA6A55237B88B3FB04917C9B4
                                                                                                                                                                                                                                                                        SHA1:1D5A57A8AF15FF88521335970F6C547EB2BDA403
                                                                                                                                                                                                                                                                        SHA-256:5C9CBAA16ABF57400ED31B49AAB7EE015788DBE7D3B58F3D53C86DB3807DD6F0
                                                                                                                                                                                                                                                                        SHA-512:7C4E012EF32A9529A0FA648320796D2ABB287C3C37F22D2CFEFE62FD0851CF68B5D373316AD70B51D09F0D0F1F48843A5D6E430C12367B5363648EEFF1160466
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _BASETSD_H_.#define _BASETSD_H_..#if (defined(__x86_64) || defined(__ia64__)) && !defined(RC_INVOKED).typedef unsigned __int64 POINTER_64_INT;.#else.typedef unsigned long POINTER_64_INT;.#endif..#define POINTER_32.#define POINTER_64.#define FIRMWARE_PTR..#ifdef __cplusplus.extern "C" {.#endif.. typedef signed char INT8,*PINT8;. typedef signed short INT16,*PINT16;. typedef signed int INT32,*PINT32;. typedef signed __int64 INT64,*PINT64;. typedef unsigned char UINT8,*PUINT8;. typedef unsigned short UINT16,*PUINT16;. typedef unsigned int UINT32,*PUINT32;. typedef unsigned __int64 UINT64,*PUINT64;. typedef signed int LONG32,*PLONG32;. typedef unsigned int ULONG32,*PULONG32;. typedef unsigned int DWORD32,*PDWORD32;..#ifndef _W64.#define _W64.#endif..#ifdef _WIN64
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):179678
                                                                                                                                                                                                                                                                        Entropy (8bit):5.448601521160739
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:jgie2EUSlwrMbtENbSJGDN4tSUez2pUQkR:jgie7wrMSSJGDfUe++
                                                                                                                                                                                                                                                                        MD5:3243B7C1189CC2C02075C2B175592EA9
                                                                                                                                                                                                                                                                        SHA1:B520F45E195A50AB00ACC161EFEC7E6620E652AF
                                                                                                                                                                                                                                                                        SHA-256:4356BFCDF5209C4EC58DE486E2173CE4B17E0CE75A422B226FDDDD18597C9905
                                                                                                                                                                                                                                                                        SHA-512:CDAA9D91F80127028DC877924D2E41B4EF55714485536C4B64955195C94E8EBFBECF9A0D7545DF535CBF4C1977CA53C14379B96ABCEBF7AEC461BCBB87EF040E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINUSER_.#define _WINUSER_..#define WINUSERAPI DECLSPEC_IMPORT..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WINVER.#define WINVER 0x0502.#endif..#include <stdarg.h>..#ifndef NOUSER. typedef HANDLE HDWP;. typedef VOID MENUTEMPLATEA;. typedef VOID MENUTEMPLATEW;. typedef PVOID LPMENUTEMPLATEA;. typedef PVOID LPMENUTEMPLATEW;..#ifdef UNICODE. typedef MENUTEMPLATEW MENUTEMPLATE;. typedef LPMENUTEMPLATEW LPMENUTEMPLATE;.#else. typedef MENUTEMPLATEA MENUTEMPLATE;. typedef LPMENUTEMPLATEA LPMENUTEMPLATE;.#endif.. typedef LRESULT (CALLBACK *WNDPROC)(HWND,UINT,WPARAM,LPARAM);. typedef INT_PTR (CALLBACK *DLGPROC)(HWND,UINT,WPARAM,LPARAM);. typedef VOID (CALLBACK *TIMERPROC)(HWND,UINT,UINT_PTR,DWORD);. typedef WINBOOL (CALLBACK *GRAYSTRINGPROC)(HDC,LPARAM,int);.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):285
                                                                                                                                                                                                                                                                        Entropy (8bit):4.939467489498393
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r2DySEWVgs1cG3kJuy:UJJISFcShcFP+4BnWKi3suy
                                                                                                                                                                                                                                                                        MD5:5F9BA2A3122F6963219BDD95EFF0D63B
                                                                                                                                                                                                                                                                        SHA1:FC7EF1DBF2D51D9E38E79BC4D2DFE7F89107263E
                                                                                                                                                                                                                                                                        SHA-256:D459CBD546929FD44980D32C1680A8F176D717CE9DF162F5C5C443DFDCCC9E42
                                                                                                                                                                                                                                                                        SHA-512:4339E932DA337FC33CB8544FAD3065F82F689E17AE9CFD6A3035A0A1C62271ED0EFC44553A75C29207E97555E55FF8F76D42FBEF57B46B0E117B087A367A5D1F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !(defined(lint) || defined(RC_INVOKED)).#pragma pack(push,2).#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):285
                                                                                                                                                                                                                                                                        Entropy (8bit):4.939467489498393
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r2DySEWVgs1cG3uJuy:UJJISFcShcFP+4BnWKi3uV
                                                                                                                                                                                                                                                                        MD5:4FA6301A9105C4442FCD8181B17BF100
                                                                                                                                                                                                                                                                        SHA1:CD49157FA734AF5ECB57BDE0E7C57B9BC425CE98
                                                                                                                                                                                                                                                                        SHA-256:32FE7B5FF2387C916AD134EF5B5B0AC67447DA0E0DCCF405C31562AAC718D6D8
                                                                                                                                                                                                                                                                        SHA-512:EC6C5D061C788463D3E262E69ED74F5A21022007F4E3BC5DCDAA64ED641D0C4953A60A465E7972756E427E3B9AC71103AA36EF298F8E5D8FC946210152612599
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !(defined(lint) || defined(RC_INVOKED)).#pragma pack(push,8).#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):159607
                                                                                                                                                                                                                                                                        Entropy (8bit):5.448523174174419
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:p8iWoUKAVEvTQ/BUNRB+NNKjxyfmTcFqTPj:p8iWoUKAVEvTQmcFqTPj
                                                                                                                                                                                                                                                                        MD5:18908ACE3445091E5966CC99F9D4B5B9
                                                                                                                                                                                                                                                                        SHA1:130D1CFA2D8A8A17FA2AFA4DDF4FE3DFBA4542D5
                                                                                                                                                                                                                                                                        SHA-256:47EFFBA4D4BB7DFBE373F1156285A170042FE1A3552BCBBEE460E5DB68E1FF2D
                                                                                                                                                                                                                                                                        SHA-512:0E63D752B56051057C4E553307A708C2359EAC58EA96EA0077931642482EB8B6E0B28984A278663D85C6B1739564CAB6FFED3D9582306473841A355BD0CBEE61
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINBASE_.#define _WINBASE_..#define WINADVAPI DECLSPEC_IMPORT.#define WINBASEAPI DECLSPEC_IMPORT.#define ZAWPROXYAPI DECLSPEC_IMPORT..#ifdef __cplusplus.extern "C" {.#endif..#define DefineHandleTable(w) ((w),TRUE).#define LimitEmsPages(dw).#define SetSwapAreaSize(w) (w).#define LockSegment(w) GlobalFix((HANDLE)(w)).#define UnlockSegment(w) GlobalUnfix((HANDLE)(w)).#define GetCurrentTime() GetTickCount()..#define Yield()..#define INVALID_HANDLE_VALUE ((HANDLE)(LONG_PTR)-1).#define INVALID_FILE_SIZE ((DWORD)0xffffffff).#define INVALID_SET_FILE_POINTER ((DWORD)-1).#define INVALID_FILE_ATTRIBUTES ((DWORD)-1)..#define FILE_BEGIN 0.#define FILE_CURRENT 1.#define FILE_END 2..#define TIME_ZONE_ID_INVALID ((DWORD)0xffffffff)..#define WAIT_FAILED ((DWORD)0xffffffff).#define WAI
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):282
                                                                                                                                                                                                                                                                        Entropy (8bit):4.902277729484196
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r2DySEWVgs1cGtSy:UJJISFcShcFP+4BnWKiky
                                                                                                                                                                                                                                                                        MD5:584EBD620B89C671805EB5917278C46F
                                                                                                                                                                                                                                                                        SHA1:645DCA8A4775E323EED290EB1262A898E3BD8DF3
                                                                                                                                                                                                                                                                        SHA-256:81C951E1FB87AA8F6E8871A073277F1CD1CCB9B66F6EFA92AFF35BCD00A60726
                                                                                                                                                                                                                                                                        SHA-512:F80C37DF443967189B8B3E246E860E854A65283B9E7DBBFD87FE30E6E8285C785DF2D6F74AC9D7D59CDF655E543B830042A51574FEDCF5611714946DA2D1D542
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !(defined(lint) || defined(RC_INVOKED)).#pragma pack(pop).#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):14473
                                                                                                                                                                                                                                                                        Entropy (8bit):5.318184429302839
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:T3LK2osQDITqQWDVvRwPhOotRrwAIPmNLd1mBTVuRthEVPQKyybPki7wanag+4+M:lcio4tzIuhEVPQKyybrwan1+4+M
                                                                                                                                                                                                                                                                        MD5:A7EAC92053E54E029DC3B8356A49DF4A
                                                                                                                                                                                                                                                                        SHA1:475DF5425A60973CA79C1B0D5FA05DFD59E99E6A
                                                                                                                                                                                                                                                                        SHA-256:C965B8839E100E9AACAD333B373218F962A15840583231F968076441E781538B
                                                                                                                                                                                                                                                                        SHA-512:1A1F5032E2BA7A837FB043FC7B3DC15796B27FA481B2D8593F8012D503D1AAB5C82AB54404898FED81418FFC3B64712476DBC89ACAF92AACAC051FF40DD3F7CD
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINCON_.#define _WINCON_..#ifdef __cplusplus.extern "C" {.#endif.. typedef struct _COORD {. SHORT X;. SHORT Y;. } COORD,*PCOORD;.. typedef struct _SMALL_RECT {. SHORT Left;. SHORT Top;. SHORT Right;. SHORT Bottom;. } SMALL_RECT,*PSMALL_RECT;.. typedef struct _KEY_EVENT_RECORD {. WINBOOL bKeyDown;. WORD wRepeatCount;. WORD wVirtualKeyCode;. WORD wVirtualScanCode;. union {. WCHAR UnicodeChar;. CHAR AsciiChar;. } uChar;. DWORD dwControlKeyState;. } KEY_EVENT_RECORD,*PKEY_EVENT_RECORD;..#define RIGHT_ALT_PRESSED 0x1.#define LEFT_ALT_PRESSED 0x2.#define RIGHT_CTRL_PRESSED 0x4.#define LEFT_CTRL_PRESSED 0x8.#define SHIFT_PRESSED 0x10.#define NUMLOCK_ON 0x20.#define SCROLLLOCK_ON 0x40.#define CAPSLOCK_ON 0x80.#define ENHA
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2413
                                                                                                                                                                                                                                                                        Entropy (8bit):5.267985342570529
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:G+qAaBjES2EZs96PiYkAahW4h+gt/04hOgldUOkke:TqAuEThH3Vy
                                                                                                                                                                                                                                                                        MD5:09DFC50C697476FDC240969717C514CE
                                                                                                                                                                                                                                                                        SHA1:C9D444C897A96A4B475379C7C6B826FDF2DFF2E5
                                                                                                                                                                                                                                                                        SHA-256:34842EE3389CB13A72A2B87EC930AADBFFCE8906EB31480180CFF541C7F44134
                                                                                                                                                                                                                                                                        SHA-512:DE3E258D4DF8E046A131110FADAC12572CA14A7359F1C44C41DEBC7E8F1424A93BEC6300E3CA21BEEB55FF4B3AB572F0B3059D9399C89CFF27D154DCC90238F7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !defined(_BASETYPS_H_).#define _BASETYPS_H_..#ifdef __cplusplus.#define EXTERN_C extern "C".#else.#define EXTERN_C extern.#endif..#define STDMETHODCALLTYPE WINAPI.#define STDMETHODVCALLTYPE __cdecl..#define STDAPICALLTYPE WINAPI.#define STDAPIVCALLTYPE __cdecl..#define STDAPI EXTERN_C HRESULT WINAPI.#define STDAPI_(type) EXTERN_C type WINAPI..#define STDMETHODIMP HRESULT WINAPI.#define STDMETHODIMP_(type) type WINAPI..#define STDAPIV EXTERN_C HRESULT STDAPIVCALLTYPE.#define STDAPIV_(type) EXTERN_C type STDAPIVCALLTYPE..#define STDMETHODIMPV HRESULT STDMETHODVCALLTYPE.#define STDMETHODIMPV_(type) type STDMETHODVCALLTYPE..#if defined(__cplusplus) && !defined(CINTERFACE)..#define __STRUCT__ struct.#define STDMETHOD(method) virtual HRESULT WINAPI method.#define STDMETHOD_(type
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4165
                                                                                                                                                                                                                                                                        Entropy (8bit):5.37405161812663
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef GUID_DEFINED.#define GUID_DEFINED.typedef struct _GUID {. unsigned long Data1;. unsigned short Data2;. unsigned short Data3;. unsigned char Data4[8 ];.} GUID;.#endif..#ifndef UUID_DEFINED.#define UUID_DEFINED.typedef GUID UUID;.#endif..#ifndef FAR.#define FAR.#endif..#ifndef DECLSPEC_SELECTANY.#define DECLSPEC_SELECTANY __declspec(selectany).#endif..#ifndef EXTERN_C.#ifdef __cplusplus.#define EXTERN_C extern "C".#else.#define EXTERN_C extern.#endif.#endif..#ifdef DEFINE_GUID.#undef DEFINE_GUID.#endif..#ifdef INITGUID.#ifdef __cplusplus.#define DEFINE_GUID(name,l,w1,w2,b1,b2,b3,b4,b5,b6,b7,b8) EXTERN_C const GUID DECLSPEC_SELECTANY name = { l,w1,w2,{ b1,b2,b3,b4,b5,b6,b7,b8 } }.#else.#define DEFINE_GUID(name,l,w1,w2,b1,b2,b3,b4,b5,b6,b7,b8) const GUID DECLSPEC_SELEC
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2173
                                                                                                                                                                                                                                                                        Entropy (8bit):5.14850892880743
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINDOWS_.#define _WINDOWS_..#ifndef WIN32_LEAN_AND_MEAN.#define WIN32_LEAN_AND_MEAN 1.#endif..#ifndef WINVER.#define WINVER 0x0502.#endif..#include <_mingw.h>..#ifndef _INC_WINDOWS.#define _INC_WINDOWS..#if defined(RC_INVOKED) && !defined(NOWINRES)..#include <winresrc.h>.#else..#ifdef RC_INVOKED.#define NOATOM.#define NOGDI.#define NOGDICAPMASKS.#define NOMETAFILE.#define NOMINMAX.#define NOMSG.#define NOOPENFILE.#define NORASTEROPS.#define NOSCROLL.#define NOSOUND.#define NOSYSMETRICS.#define NOTEXTMETRIC.#define NOWH.#define NOCOMM.#define NOKANJI.#define NOCRYPT.#define NOMCX.#endif..#if !defined(I_X86_) && !defined(_IA64_) && !defined(_AMD64_) && (defined(_X86_) && !defined(__x86_64)).#define I_X86_.#endif..#if !defined(I_X86_) && !defined(_IA64_) && !defined(_AMD
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):285
                                                                                                                                                                                                                                                                        Entropy (8bit):4.932449945638745
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !(defined(lint) || defined(RC_INVOKED)).#pragma pack(push,4).#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):285
                                                                                                                                                                                                                                                                        Entropy (8bit):4.939467489498393
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !(defined(lint) || defined(RC_INVOKED)).#pragma pack(push,1).#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with very long lines (302)
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):13963
                                                                                                                                                                                                                                                                        Entropy (8bit):5.433606364599901
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINREG_.#define _WINREG_..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WINVER.#define WINVER 0x0502.#endif..#define RRF_RT_REG_NONE 0x00000001.#define RRF_RT_REG_SZ 0x00000002.#define RRF_RT_REG_EXPAND_SZ 0x00000004.#define RRF_RT_REG_BINARY 0x00000008.#define RRF_RT_REG_DWORD 0x00000010.#define RRF_RT_REG_MULTI_SZ 0x00000020.#define RRF_RT_REG_QWORD 0x00000040..#define RRF_RT_DWORD (RRF_RT_REG_BINARY | RRF_RT_REG_DWORD).#define RRF_RT_QWORD (RRF_RT_REG_BINARY | RRF_RT_REG_QWORD).#define RRF_RT_ANY 0x0000ffff..#define RRF_NOEXPAND 0x10000000.#define RRF_ZEROONFAILURE 0x20000000.. typedef ACCESS_MASK REGSAM;..#define HKEY_CLASSES_ROOT ((HKEY) (ULONG_PTR)((LONG)0x80000000)).#define HKEY_CURRENT_USER ((HKEY) (ULONG_PTR)((LONG)0x80000001)).#define HKEY_LOCAL_MACHINE (
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):150512
                                                                                                                                                                                                                                                                        Entropy (8bit):5.042627381884036
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINERROR_.#define _WINERROR_..#define FACILITY_WINDOWSUPDATE 36.#define FACILITY_WINDOWS_CE 24.#define FACILITY_WINDOWS 8.#define FACILITY_URT 19.#define FACILITY_UMI 22.#define FACILITY_SXS 23.#define FACILITY_STORAGE 3.#define FACILITY_STATE_MANAGEMENT 34.#define FACILITY_SSPI 9.#define FACILITY_SCARD 16.#define FACILITY_SETUPAPI 15.#define FACILITY_SECURITY 9.#define FACILITY_RPC 1.#define FACILITY_WIN32 7.#define FACILITY_CONTROL 10.#define FACILITY_NULL 0.#define FACILITY_METADIRECTORY 35.#define FACILITY_MSMQ 14.#define FACILITY_MEDIASERVER 13.#define FACILITY_INTERNET 12.#define FACILITY_ITF 4.#define FACILITY_HTTP 25.#define FACILITY_DPLAY 21.#define FACILITY_DISPATCH 2.#define FACILITY_DIRECTORYSERVICE 37.#define FACILITY_CONFIGURATION 33.#define FACILITY_COM
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):121301
Entropy (8bit):5.419416589760816
Encrypted:false
SSDEEP:768:mmN0oz+ODr15Ye92/rvZVXkRs4pItxtv7OosWBkEwJaYygZtk+tUtwtmtDlwsigp:nuPn7z57mW7T1QFYLCOdKSbuo8Sl
MD5:FD80383F6F92379E074379BA54D68BDC
SHA1:0A4D4926DF853E126FCC52150C84822AF1EF8035
SHA-256:DF5937AC1805B27ABBA03277D2C34CAEE8CB4387EDB894ADCD73E6172A9FBD94
SHA-512:4ED6C5508C77A8A3272835C6AE1323514E42D015F3CB53168382FFD78FB1A73D806AF5421378D1430ED344BA1200E3006D5AAF4150E925C1F2267A8D637A50A4
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINGDI_.#define _WINGDI_..#define WINGDIAPI DECLSPEC_IMPORT.#define WINSPOOLAPI DECLSPEC_IMPORT..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WINVER.#define WINVER 0x0502.#endif..#ifndef NOGDI.#ifndef NORASTEROPS.#define R2_BLACK 1.#define R2_NOTMERGEPEN 2.#define R2_MASKNOTPEN 3.#define R2_NOTCOPYPEN 4.#define R2_MASKPENNOT 5.#define R2_NOT 6.#define R2_XORPEN 7.#define R2_NOTMASKPEN 8.#define R2_MASKPEN 9.#define R2_NOTXORPEN 10.#define R2_NOP 11.#define R2_MERGENOTPEN 12.#define R2_COPYPEN 13.#define R2_MERGEPENNOT 14.#define R2_MERGEPEN 15.#define R2_WHITE 16.#define R2_LAST 16..#define SRCCOPY (DWORD)0x00CC0020.#define SRCPAINT (DWORD)0x00EE0086.#define SRCAND (DWORD)0x008800C6.#define SRCINVERT (DWORD)0x00660046.#define SRCERASE (DWORD)0x00440328.#define NOTS
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):5381
Entropy (8bit):5.237607493279814
Encrypted:false
SSDEEP:96:EtGsCwPV1Ihot5C5snyv5vdQSZWVvc22c26T9Dd1s4S/BwS9BYwJw3+wIwV4mDVC:oC4V1Ihot5CFQjs4S/BwS9BmwJp9q1PK
MD5:F0EF1B8EE3A22C3FA3CA4DD26012E309
SHA1:4D78773275154677A5BB66D6393636CA2418EE69
SHA-256:7D846678EC2A8C70F86308CF6BE585D760924C620DFCFB4B048F60D88577B69D
SHA-512:7B230B6BE986E12C639DEE195198EE87FF1E9E0895FE3C101A3E8553D272986B9800C3C74B53A89128821D2D8D439A4968E48C29B2EDA43096E48F51B871B18C
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef VER_H.#define VER_H..#ifdef __cplusplus.extern "C" {.#endif..#define VS_FILE_INFO RT_VERSION.#define VS_VERSION_INFO 1.#define VS_USER_DEFINED 100..#define VS_FFI_SIGNATURE 0xFEEF04BDL.#define VS_FFI_STRUCVERSION 0x00010000L.#define VS_FFI_FILEFLAGSMASK 0x0000003FL..#define VS_FF_DEBUG 0x00000001L.#define VS_FF_PRERELEASE 0x00000002L.#define VS_FF_PATCHED 0x00000004L.#define VS_FF_PRIVATEBUILD 0x00000008L.#define VS_FF_INFOINFERRED 0x00000010L.#define VS_FF_SPECIALBUILD 0x00000020L..#define VOS_UNKNOWN 0x00000000L.#define VOS_DOS 0x00010000L.#define VOS_OS216 0x00020000L.#define VOS_OS232 0x00030000L.#define VOS_NT 0x00040000L.#define VOS_WINCE 0x00050000L..#define VOS__BASE 0x00000000L.#define VOS__WINDOWS16 0x00000001L.#define VOS__PM16 0x00000002L.#define VOS__PM32
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):193650
Entropy (8bit):5.442692211038205
Encrypted:false
SSDEEP:1536:mgqyl7JPZPZWFLvC3b+tc55bLqkI66qJ+bOaCIzxlWLp9EhxveAMimiAg9+38w8l:FvgTAw+39O8+NQkK9t/k7IM
MD5:39AB9E1D4A6B6871FC59D837A1910566
SHA1:CEA4A15910A1DC02AF23A06ACE7B8B7BD6E1001D
SHA-256:0881DEBBBD1879A08341E395FA1DCED6A7B1007A80A9C6ECC831A7800C90CA02
SHA-512:652B8695DBBF04C76DB183435FDDC21034FD9C8C10CF648A21787855417B5050580C424C4DA773676BD6A6FD8C30596D905E3C9E91E946B37EA5723FBA9DF481
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINNT_.#define _WINNT_..#ifdef __cplusplus.extern "C" {.#endif..#include <ctype.h>.#define ANYSIZE_ARRAY 1..//gr #include <specstrings.h>..#define RESTRICTED_POINTER..#ifndef __CRT_UNALIGNED.#define __CRT_UNALIGNED.#endif..#if defined(__ia64__) || defined(__x86_64).#define UNALIGNED __CRT_UNALIGNED.#ifdef _WIN64.#define UNALIGNED64 __CRT_UNALIGNED.#else.#define UNALIGNED64.#endif.#else.#define UNALIGNED.#define UNALIGNED64.#endif..#if !defined(I_X86_) && !defined(_IA64_) && !defined(_AMD64_) && (defined(_X86_) && !defined(__x86_64)).#define I_X86_.#endif..#if !defined(I_X86_) && !defined(_IA64_) && !defined(_AMD64_) && defined(__x86_64).#define _AMD64_.#endif..#if !defined(I_X86_) && !(defined(_X86_) && !defined(__x86_64)) && !defined(_AMD64_) && defined(__ia64__).#if
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):5674
Entropy (8bit):5.253868357743171
Encrypted:false
SSDEEP:96:l4nmx67GjIz13BkHelji9aF7e4KmCtnLK0kO5Ol60V:4mxbjYkHi+IM4OAO5gv
MD5:4149CF07A0FCB5FAFAB7F58BCC951D8C
SHA1:DBF6F1002B67DA30CE63BE5D41E0EAA76263AC9F
SHA-256:137E9A43A136E4AE19B3A4C844023C6A1611B23685000364F6BE3143DB1A4C75
SHA-512:1BC969D3700C3BEB6416EED13942142315EFEE5F929C55F539E11FB9196C8865CA05BE0A39094C6E7457B671BA33299D3861AEC6161DD0429E8A375F378659A9
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINDEF_.#define _WINDEF_..#ifndef STRICT.#define STRICT 1.#endif..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WINVER.#define WINVER 0x0502.#endif..#ifndef BASETYPES.#define BASETYPES. typedef unsigned long ULONG;. typedef ULONG *PULONG;. typedef unsigned short USHORT;. typedef USHORT *PUSHORT;. typedef unsigned char UCHAR;. typedef UCHAR *PUCHAR;. typedef char *PSZ;.#endif..#define MAX_PATH 260..#ifndef NULL.#ifdef __cplusplus.#define NULL 0.#else.#define NULL ((void *)0).#endif.#endif..#ifndef FALSE.#define FALSE 0.#endif..#ifndef TRUE.#define TRUE 1.#endif..#ifndef IN.#define IN.#endif..#ifndef OUT.#define OUT.#endif..#ifndef OPTIONAL.#define OPTIONAL.#endif..#undef far.#undef near.#undef pascal..#define far.#define near.#define pascal __stdcall..#define
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):282
Entropy (8bit):4.902277729484196
Encrypted:false
SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r2DySEWVgs1cGtSy:UJJISFcShcFP+4BnWKiky
MD5:584EBD620B89C671805EB5917278C46F
SHA1:645DCA8A4775E323EED290EB1262A898E3BD8DF3
SHA-256:81C951E1FB87AA8F6E8871A073277F1CD1CCB9B66F6EFA92AFF35BCD00A60726
SHA-512:F80C37DF443967189B8B3E246E860E854A65283B9E7DBBFD87FE30E6E8285C785DF2D6F74AC9D7D59CDF655E543B830042A51574FEDCF5611714946DA2D1D542
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !(defined(lint) || defined(RC_INVOKED)).#pragma pack(pop).#endif.
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):285
Entropy (8bit):4.939467489498393
Encrypted:false
SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r2DySEWVgs1cG3O2:UJJISFcShcFP+4BnWKi3O2
MD5:F7CE406B57AF97C8BA95EEB9D7840C1D
SHA1:ED211A37E0EFCA13A0146F9FE775875D32DB3496
SHA-256:8EB67DD233D5A387D6DC1814CB6EB6C6DE9A123438FAEFCA7B442691CAF23049
SHA-512:B7EE10FBFE60F4F6E998D48D88C36095DFA70524B9E24A6E3BDD6C0A62FBFCD66725E28F227DA1469448C909D08DC57ADD7484D7FEECA35B2FF3A4F526756256
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !(defined(lint) || defined(RC_INVOKED)).#pragma pack(push,1).#endif.
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:C source, ASCII text
Category:dropped
Size (bytes):285
Entropy (8bit):4.939467489498393
Encrypted:false
SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r2DySEWVgs1cG3kJuy:UJJISFcShcFP+4BnWKi3suy
MD5:5F9BA2A3122F6963219BDD95EFF0D63B
SHA1:FC7EF1DBF2D51D9E38E79BC4D2DFE7F89107263E
SHA-256:D459CBD546929FD44980D32C1680A8F176D717CE9DF162F5C5C443DFDCCC9E42
SHA-512:4339E932DA337FC33CB8544FAD3065F82F689E17AE9CFD6A3035A0A1C62271ED0EFC44553A75C29207E97555E55FF8F76D42FBEF57B46B0E117B087A367A5D1F
Malicious:false
Reputation:unknown
Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !(defined(lint) || defined(RC_INVOKED)).#pragma pack(push,2).#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):285
                                                                                                                                                                                                                                                                        Entropy (8bit):4.932449945638745
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r2DySEWVgs1cG3iV:UJJISFcShcFP+4BnWKi3iV
                                                                                                                                                                                                                                                                        MD5:9E2E16A461B193BAE9E69C59C9A3E040
                                                                                                                                                                                                                                                                        SHA1:17AAA9161D3F9D7270EDB80BC850B3AD1CD9151A
                                                                                                                                                                                                                                                                        SHA-256:CD3BA1258A5DD9C714879D3E499B021C85EE9827C06BAC2FC2C1E677B5909531
                                                                                                                                                                                                                                                                        SHA-512:37C580B406EB30FC66B0135D91D8DC743A9F2ABBF830A58272ECF910E4F4BDE10ED9A1CF07A8C0F24BFA2D8E86883AF76C5A7805FC70A2AE69F1A9D8225774DF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !(defined(lint) || defined(RC_INVOKED)).#pragma pack(push,4).#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):285
                                                                                                                                                                                                                                                                        Entropy (8bit):4.939467489498393
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r2DySEWVgs1cG3uJuy:UJJISFcShcFP+4BnWKi3uV
                                                                                                                                                                                                                                                                        MD5:4FA6301A9105C4442FCD8181B17BF100
                                                                                                                                                                                                                                                                        SHA1:CD49157FA734AF5ECB57BDE0E7C57B9BC425CE98
                                                                                                                                                                                                                                                                        SHA-256:32FE7B5FF2387C916AD134EF5B5B0AC67447DA0E0DCCF405C31562AAC718D6D8
                                                                                                                                                                                                                                                                        SHA-512:EC6C5D061C788463D3E262E69ED74F5A21022007F4E3BC5DCDAA64ED641D0C4953A60A465E7972756E427E3B9AC71103AA36EF298F8E5D8FC946210152612599
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !(defined(lint) || defined(RC_INVOKED)).#pragma pack(push,8).#endif.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):159607
                                                                                                                                                                                                                                                                        Entropy (8bit):5.448523174174419
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:p8iWoUKAVEvTQ/BUNRB+NNKjxyfmTcFqTPj:p8iWoUKAVEvTQmcFqTPj
                                                                                                                                                                                                                                                                        MD5:18908ACE3445091E5966CC99F9D4B5B9
                                                                                                                                                                                                                                                                        SHA1:130D1CFA2D8A8A17FA2AFA4DDF4FE3DFBA4542D5
                                                                                                                                                                                                                                                                        SHA-256:47EFFBA4D4BB7DFBE373F1156285A170042FE1A3552BCBBEE460E5DB68E1FF2D
                                                                                                                                                                                                                                                                        SHA-512:0E63D752B56051057C4E553307A708C2359EAC58EA96EA0077931642482EB8B6E0B28984A278663D85C6B1739564CAB6FFED3D9582306473841A355BD0CBEE61
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINBASE_.#define _WINBASE_..#define WINADVAPI DECLSPEC_IMPORT.#define WINBASEAPI DECLSPEC_IMPORT.#define ZAWPROXYAPI DECLSPEC_IMPORT..#ifdef __cplusplus.extern "C" {.#endif..#define DefineHandleTable(w) ((w),TRUE).#define LimitEmsPages(dw).#define SetSwapAreaSize(w) (w).#define LockSegment(w) GlobalFix((HANDLE)(w)).#define UnlockSegment(w) GlobalUnfix((HANDLE)(w)).#define GetCurrentTime() GetTickCount()..#define Yield()..#define INVALID_HANDLE_VALUE ((HANDLE)(LONG_PTR)-1).#define INVALID_FILE_SIZE ((DWORD)0xffffffff).#define INVALID_SET_FILE_POINTER ((DWORD)-1).#define INVALID_FILE_ATTRIBUTES ((DWORD)-1)..#define FILE_BEGIN 0.#define FILE_CURRENT 1.#define FILE_END 2..#define TIME_ZONE_ID_INVALID ((DWORD)0xffffffff)..#define WAIT_FAILED ((DWORD)0xffffffff).#define WAI
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):14473
                                                                                                                                                                                                                                                                        Entropy (8bit):5.318184429302839
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:T3LK2osQDITqQWDVvRwPhOotRrwAIPmNLd1mBTVuRthEVPQKyybPki7wanag+4+M:lcio4tzIuhEVPQKyybrwan1+4+M
                                                                                                                                                                                                                                                                        MD5:A7EAC92053E54E029DC3B8356A49DF4A
                                                                                                                                                                                                                                                                        SHA1:475DF5425A60973CA79C1B0D5FA05DFD59E99E6A
                                                                                                                                                                                                                                                                        SHA-256:C965B8839E100E9AACAD333B373218F962A15840583231F968076441E781538B
                                                                                                                                                                                                                                                                        SHA-512:1A1F5032E2BA7A837FB043FC7B3DC15796B27FA481B2D8593F8012D503D1AAB5C82AB54404898FED81418FFC3B64712476DBC89ACAF92AACAC051FF40DD3F7CD
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINCON_.#define _WINCON_..#ifdef __cplusplus.extern "C" {.#endif.. typedef struct _COORD {. SHORT X;. SHORT Y;. } COORD,*PCOORD;.. typedef struct _SMALL_RECT {. SHORT Left;. SHORT Top;. SHORT Right;. SHORT Bottom;. } SMALL_RECT,*PSMALL_RECT;.. typedef struct _KEY_EVENT_RECORD {. WINBOOL bKeyDown;. WORD wRepeatCount;. WORD wVirtualKeyCode;. WORD wVirtualScanCode;. union {. WCHAR UnicodeChar;. CHAR AsciiChar;. } uChar;. DWORD dwControlKeyState;. } KEY_EVENT_RECORD,*PKEY_EVENT_RECORD;..#define RIGHT_ALT_PRESSED 0x1.#define LEFT_ALT_PRESSED 0x2.#define RIGHT_CTRL_PRESSED 0x4.#define LEFT_CTRL_PRESSED 0x8.#define SHIFT_PRESSED 0x10.#define NUMLOCK_ON 0x20.#define SCROLLLOCK_ON 0x40.#define CAPSLOCK_ON 0x80.#define ENHA
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):5674
                                                                                                                                                                                                                                                                        Entropy (8bit):5.253868357743171
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:l4nmx67GjIz13BkHelji9aF7e4KmCtnLK0kO5Ol60V:4mxbjYkHi+IM4OAO5gv
                                                                                                                                                                                                                                                                        MD5:4149CF07A0FCB5FAFAB7F58BCC951D8C
                                                                                                                                                                                                                                                                        SHA1:DBF6F1002B67DA30CE63BE5D41E0EAA76263AC9F
                                                                                                                                                                                                                                                                        SHA-256:137E9A43A136E4AE19B3A4C844023C6A1611B23685000364F6BE3143DB1A4C75
                                                                                                                                                                                                                                                                        SHA-512:1BC969D3700C3BEB6416EED13942142315EFEE5F929C55F539E11FB9196C8865CA05BE0A39094C6E7457B671BA33299D3861AEC6161DD0429E8A375F378659A9
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINDEF_.#define _WINDEF_..#ifndef STRICT.#define STRICT 1.#endif..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WINVER.#define WINVER 0x0502.#endif..#ifndef BASETYPES.#define BASETYPES. typedef unsigned long ULONG;. typedef ULONG *PULONG;. typedef unsigned short USHORT;. typedef USHORT *PUSHORT;. typedef unsigned char UCHAR;. typedef UCHAR *PUCHAR;. typedef char *PSZ;.#endif..#define MAX_PATH 260..#ifndef NULL.#ifdef __cplusplus.#define NULL 0.#else.#define NULL ((void *)0).#endif.#endif..#ifndef FALSE.#define FALSE 0.#endif..#ifndef TRUE.#define TRUE 1.#endif..#ifndef IN.#define IN.#endif..#ifndef OUT.#define OUT.#endif..#ifndef OPTIONAL.#define OPTIONAL.#endif..#undef far.#undef near.#undef pascal..#define far.#define near.#define pascal __stdcall..#define
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2173
                                                                                                                                                                                                                                                                        Entropy (8bit):5.14850892880743
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:GAjzWlnWj5A0iB/s1bUys7sbUo7QJQj7RLbY:VjIWVAVB/s1Iys7sIo7QSjlvY
                                                                                                                                                                                                                                                                        MD5:437B745F448BA343620FEF2015B72E78
                                                                                                                                                                                                                                                                        SHA1:6E95B00A515154FAEDB95606F9AA429AFE40807E
                                                                                                                                                                                                                                                                        SHA-256:3B0D80E4B27E099C8AF543D6D9CCA295C68E115A0FBA7CD79CC0E76D1C3A5C11
                                                                                                                                                                                                                                                                        SHA-512:43EE580B0D94F5556A6D4227B103C52678CEECE4566A7CE3A9A494E8F19BCF3B33A3E765E10D62C53CC54552532C3B0B2828241354C4C14DF13CC7F90D6ED8AE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINDOWS_.#define _WINDOWS_..#ifndef WIN32_LEAN_AND_MEAN.#define WIN32_LEAN_AND_MEAN 1.#endif..#ifndef WINVER.#define WINVER 0x0502.#endif..#include <_mingw.h>..#ifndef _INC_WINDOWS.#define _INC_WINDOWS..#if defined(RC_INVOKED) && !defined(NOWINRES)..#include <winresrc.h>.#else..#ifdef RC_INVOKED.#define NOATOM.#define NOGDI.#define NOGDICAPMASKS.#define NOMETAFILE.#define NOMINMAX.#define NOMSG.#define NOOPENFILE.#define NORASTEROPS.#define NOSCROLL.#define NOSOUND.#define NOSYSMETRICS.#define NOTEXTMETRIC.#define NOWH.#define NOCOMM.#define NOKANJI.#define NOCRYPT.#define NOMCX.#endif..#if !defined(I_X86_) && !defined(_IA64_) && !defined(_AMD64_) && (defined(_X86_) && !defined(__x86_64)).#define I_X86_.#endif..#if !defined(I_X86_) && !defined(_IA64_) && !defined(_AMD
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):150512
                                                                                                                                                                                                                                                                        Entropy (8bit):5.042627381884036
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINERROR_.#define _WINERROR_..#define FACILITY_WINDOWSUPDATE 36.#define FACILITY_WINDOWS_CE 24.#define FACILITY_WINDOWS 8.#define FACILITY_URT 19.#define FACILITY_UMI 22.#define FACILITY_SXS 23.#define FACILITY_STORAGE 3.#define FACILITY_STATE_MANAGEMENT 34.#define FACILITY_SSPI 9.#define FACILITY_SCARD 16.#define FACILITY_SETUPAPI 15.#define FACILITY_SECURITY 9.#define FACILITY_RPC 1.#define FACILITY_WIN32 7.#define FACILITY_CONTROL 10.#define FACILITY_NULL 0.#define FACILITY_METADIRECTORY 35.#define FACILITY_MSMQ 14.#define FACILITY_MEDIASERVER 13.#define FACILITY_INTERNET 12.#define FACILITY_ITF 4.#define FACILITY_HTTP 25.#define FACILITY_DPLAY 21.#define FACILITY_DISPATCH 2.#define FACILITY_DIRECTORYSERVICE 37.#define FACILITY_CONFIGURATION 33.#define FACILITY_COM
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):121301
                                                                                                                                                                                                                                                                        Entropy (8bit):5.419416589760816
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINGDI_.#define _WINGDI_..#define WINGDIAPI DECLSPEC_IMPORT.#define WINSPOOLAPI DECLSPEC_IMPORT..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WINVER.#define WINVER 0x0502.#endif..#ifndef NOGDI.#ifndef NORASTEROPS.#define R2_BLACK 1.#define R2_NOTMERGEPEN 2.#define R2_MASKNOTPEN 3.#define R2_NOTCOPYPEN 4.#define R2_MASKPENNOT 5.#define R2_NOT 6.#define R2_XORPEN 7.#define R2_NOTMASKPEN 8.#define R2_MASKPEN 9.#define R2_NOTXORPEN 10.#define R2_NOP 11.#define R2_MERGENOTPEN 12.#define R2_COPYPEN 13.#define R2_MERGEPENNOT 14.#define R2_MERGEPEN 15.#define R2_WHITE 16.#define R2_LAST 16..#define SRCCOPY (DWORD)0x00CC0020.#define SRCPAINT (DWORD)0x00EE0086.#define SRCAND (DWORD)0x008800C6.#define SRCINVERT (DWORD)0x00660046.#define SRCERASE (DWORD)0x00440328.#define NOTS
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):193650
                                                                                                                                                                                                                                                                        Entropy (8bit):5.442692211038205
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINNT_.#define _WINNT_..#ifdef __cplusplus.extern "C" {.#endif..#include <ctype.h>.#define ANYSIZE_ARRAY 1..//gr #include <specstrings.h>..#define RESTRICTED_POINTER..#ifndef __CRT_UNALIGNED.#define __CRT_UNALIGNED.#endif..#if defined(__ia64__) || defined(__x86_64).#define UNALIGNED __CRT_UNALIGNED.#ifdef _WIN64.#define UNALIGNED64 __CRT_UNALIGNED.#else.#define UNALIGNED64.#endif.#else.#define UNALIGNED.#define UNALIGNED64.#endif..#if !defined(I_X86_) && !defined(_IA64_) && !defined(_AMD64_) && (defined(_X86_) && !defined(__x86_64)).#define I_X86_.#endif..#if !defined(I_X86_) && !defined(_IA64_) && !defined(_AMD64_) && defined(__x86_64).#define _AMD64_.#endif..#if !defined(I_X86_) && !(defined(_X86_) && !defined(__x86_64)) && !defined(_AMD64_) && defined(__ia64__).#if
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with very long lines (302)
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):13963
                                                                                                                                                                                                                                                                        Entropy (8bit):5.433606364599901
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINREG_.#define _WINREG_..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WINVER.#define WINVER 0x0502.#endif..#define RRF_RT_REG_NONE 0x00000001.#define RRF_RT_REG_SZ 0x00000002.#define RRF_RT_REG_EXPAND_SZ 0x00000004.#define RRF_RT_REG_BINARY 0x00000008.#define RRF_RT_REG_DWORD 0x00000010.#define RRF_RT_REG_MULTI_SZ 0x00000020.#define RRF_RT_REG_QWORD 0x00000040..#define RRF_RT_DWORD (RRF_RT_REG_BINARY | RRF_RT_REG_DWORD).#define RRF_RT_QWORD (RRF_RT_REG_BINARY | RRF_RT_REG_QWORD).#define RRF_RT_ANY 0x0000ffff..#define RRF_NOEXPAND 0x10000000.#define RRF_ZEROONFAILURE 0x20000000.. typedef ACCESS_MASK REGSAM;..#define HKEY_CLASSES_ROOT ((HKEY) (ULONG_PTR)((LONG)0x80000000)).#define HKEY_CURRENT_USER ((HKEY) (ULONG_PTR)((LONG)0x80000001)).#define HKEY_LOCAL_MACHINE (
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):179678
                                                                                                                                                                                                                                                                        Entropy (8bit):5.448601521160739
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINUSER_.#define _WINUSER_..#define WINUSERAPI DECLSPEC_IMPORT..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WINVER.#define WINVER 0x0502.#endif..#include <stdarg.h>..#ifndef NOUSER. typedef HANDLE HDWP;. typedef VOID MENUTEMPLATEA;. typedef VOID MENUTEMPLATEW;. typedef PVOID LPMENUTEMPLATEA;. typedef PVOID LPMENUTEMPLATEW;..#ifdef UNICODE. typedef MENUTEMPLATEW MENUTEMPLATE;. typedef LPMENUTEMPLATEW LPMENUTEMPLATE;.#else. typedef MENUTEMPLATEA MENUTEMPLATE;. typedef LPMENUTEMPLATEA LPMENUTEMPLATE;.#endif.. typedef LRESULT (CALLBACK *WNDPROC)(HWND,UINT,WPARAM,LPARAM);. typedef INT_PTR (CALLBACK *DLGPROC)(HWND,UINT,WPARAM,LPARAM);. typedef VOID (CALLBACK *TIMERPROC)(HWND,UINT,UINT_PTR,DWORD);. typedef WINBOOL (CALLBACK *GRAYSTRINGPROC)(HDC,LPARAM,int);.
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):5381
                                                                                                                                                                                                                                                                        Entropy (8bit):5.237607493279814
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef VER_H.#define VER_H..#ifdef __cplusplus.extern "C" {.#endif..#define VS_FILE_INFO RT_VERSION.#define VS_VERSION_INFO 1.#define VS_USER_DEFINED 100..#define VS_FFI_SIGNATURE 0xFEEF04BDL.#define VS_FFI_STRUCVERSION 0x00010000L.#define VS_FFI_FILEFLAGSMASK 0x0000003FL..#define VS_FF_DEBUG 0x00000001L.#define VS_FF_PRERELEASE 0x00000002L.#define VS_FF_PATCHED 0x00000004L.#define VS_FF_PRIVATEBUILD 0x00000008L.#define VS_FF_INFOINFERRED 0x00000010L.#define VS_FF_SPECIALBUILD 0x00000020L..#define VOS_UNKNOWN 0x00000000L.#define VOS_DOS 0x00010000L.#define VOS_OS216 0x00020000L.#define VOS_OS232 0x00030000L.#define VOS_NT 0x00040000L.#define VOS_WINCE 0x00050000L..#define VOS__BASE 0x00000000L.#define VOS__WINDOWS16 0x00000001L.#define VOS__PM16 0x00000002L.#define VOS__PM32
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1112834
                                                                                                                                                                                                                                                                        Entropy (8bit):7.995534990823338
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:24576:H1XCCswrgMlbH4v3Cj6N3yHORtmV7VJPX/uPQDNDcpLwBlxaZm5g5Gvh6at0:ACRlbHhj6N3vR4Vt/uSN2L6LaZAgcvHC
                                                                                                                                                                                                                                                                        MD5:38B22DEDFBCAFE1376ACEB7A0722FB8F
                                                                                                                                                                                                                                                                        SHA1:6C96AA4E7C71C82A82951443BA6DAE9019601E55
                                                                                                                                                                                                                                                                        SHA-256:F092D81531B8603A52F70245D041E2C43B020280BD9F358172330FF405E451CD
                                                                                                                                                                                                                                                                        SHA-512:135EF19161572A57AE1BC618C6CC7FDE889BD1A5C88E6125080C3712E7F0AE96F2A9B7728765C1B115F91CE48200CA47CA0C43E31625CBD11DFFA181610F03CA
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):104
                                                                                                                                                                                                                                                                        Entropy (8bit):4.292808527787486
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:VSPAiQ7UeSaClo+tHEu3jdXgOYsO:Vr7Ueyl4u3jdQOS
                                                                                                                                                                                                                                                                        MD5:A2E60A2F01F69D0DA415C58F25C37E5B
                                                                                                                                                                                                                                                                        SHA1:FA1A0D6183FEE10DE5FA4C554370556217E3AF26
                                                                                                                                                                                                                                                                        SHA-256:DC9354CCF9667D1E5CA13D6468BA2C258256042D7C25E6D91ADE7F8E2A2FF3BF
                                                                                                                                                                                                                                                                        SHA-512:CE7F5F8365D2EF3DA14D4123CC7EF053A7F99E8F98D47E6C5967F267B8EC7FDAC2DA993D0FC26DF8EB2FACE176BA56B7359BA1F29F021E1DFDD561B15EFE64AF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#Enter modulenames you do not wish to trace..#kernel32.dll #example. comment out to ignore kernel32.dll
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):28924
                                                                                                                                                                                                                                                                        Entropy (8bit):7.991784495689372
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:768:SSHnnhPVVYCzrpCuqOMWlPLe1uvY1R78Occgok:SSHnnJDXZY1RgOccK
                                                                                                                                                                                                                                                                        MD5:FE3637780172B207CB31BB3DC612CD34
                                                                                                                                                                                                                                                                        SHA1:B65FA4078DCB813EBBA16784C80BC7A0E71025DD
                                                                                                                                                                                                                                                                        SHA-256:080A0AE9634FB07F2E9B1DDEA31491564195865DCD2B6201E1A10A13E8CDD5E9
                                                                                                                                                                                                                                                                        SHA-512:8F1DA48E6F224B7E7E6EF26D11D3C484A254E9A335DA9E59B837A81F9B7DB501039F31EF9AD055A07BB139BC1147C114923742C3204156AE3371A0F225A433CC
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):464280
                                                                                                                                                                                                                                                                        Entropy (8bit):6.881353710429075
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:dBj8paX8fQ/T/md4OASZAOLRwRai6wXGn+hfy:dxLrLmd4OA4L8DXGnmy
                                                                                                                                                                                                                                                                        MD5:AD3F33BAC8EADAB224ADAF4CF6D5B97A
                                                                                                                                                                                                                                                                        SHA1:6CCFB97236C5AD3B48A3EB7A113E3E297422E808
                                                                                                                                                                                                                                                                        SHA-256:58B206AB9A3D84FDAFB537B419F721ECDEADE489707DBAB227B043D5343DB369
                                                                                                                                                                                                                                                                        SHA-512:C319A1C3D0D90AFEFD27DC0379C79E38993490FFA14CB281F419BC94FDE5776CD7EAB54351C57F6EAEEBCACF7F965FA0B8A8DD67489E799FCD84D39393C62A3E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):127384
                                                                                                                                                                                                                                                                        Entropy (8bit):6.856313478886397
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:yq8Iw0TnMfrUEuKo+w/lT35oBqhSw3kmuqW3Crf0d3N1NsCeOEy6jCMpOEsC:yq8IdTMTyXUR2JJry3NreOnMpOu
                                                                                                                                                                                                                                                                        MD5:5F1A333671BF167730ED5F70C2C18008
                                                                                                                                                                                                                                                                        SHA1:C8233BBC6178BA646252C6566789B82A3296CAB5
                                                                                                                                                                                                                                                                        SHA-256:FD2A2B4FE4504C56347C35F24D566CC0510E81706175395D0A2BA26A013C4DAF
                                                                                                                                                                                                                                                                        SHA-512:6986D93E680B3776EB5700143FC35D60CA9DBBDF83498F8731C673F9FD77C8699A24A4849DB2A273AA991B8289E4D6C3142BBDE77E11F2FAF603DF43E8FEA105
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):479536
                                                                                                                                                                                                                                                                        Entropy (8bit):5.994666279988566
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:Tch6UtcJYg8yRAkB+vsoqOvfkv+y3ilZkaCeMG:e6Utc6gdcfkv+KIR
                                                                                                                                                                                                                                                                        MD5:DAA81711AD1F1B1F8D96DC926D502484
                                                                                                                                                                                                                                                                        SHA1:7130B241E23BEDE2B1F812D95FDB4ED5EECADBFD
                                                                                                                                                                                                                                                                        SHA-256:8422BE70E0EC59C962B35ACF8AD80671BCC8330C9256E6E1EC5C07691388CD66
                                                                                                                                                                                                                                                                        SHA-512:9EAA8E04AD7359A30D5E2F9256F94C1643D4C3F3C0DFF24D6CD9E31A6F88CB3B470DD98F01F8B0F57BB947ADC3D45C35749ED4877C7CBBBCC181145F0C361065
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):268704
                                                                                                                                                                                                                                                                        Entropy (8bit):5.837891086948313
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:0drkqKo/nt7PrwnoK0M6EZgugEkkoSE5O7Z3LLr:6rkm9mP6EZgugEnoSE5OB
                                                                                                                                                                                                                                                                        MD5:9A4D1B5154194EA0C42EFEBEB73F318F
                                                                                                                                                                                                                                                                        SHA1:220F8AF8B91D3C7B64140CBB5D9337D7ED277EDB
                                                                                                                                                                                                                                                                        SHA-256:2F3214F799B0F0A2F3955DBDC64C7E7C0E216F1A09D2C1AD5D0A99921782E363
                                                                                                                                                                                                                                                                        SHA-512:6EEF3254FC24079751FC8C38DDA9A8E44840E5A4DF1FF5ADF076E4BE87127075A7FEA59BA7EF9B901AAF10EB64F881FC8FB306C2625140169665DD3991E5C25B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):339864
                                                                                                                                                                                                                                                                        Entropy (8bit):6.56829741282491
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:ZnVdQfxRaiC76I/wZGteu+WJrXeN6joNtMrvMl9u61s1JGTBHpMqdmgIIE5pY2B:jdsxs6I6k9MUoNt2vSs8KqdmgIIE/b
                                                                                                                                                                                                                                                                        MD5:A358DAE60F1C0F6A633F98B1E4D3E850
                                                                                                                                                                                                                                                                        SHA1:2016F1FB0F8000E515602498432951B7C5BC5ACA
                                                                                                                                                                                                                                                                        SHA-256:25C648CFDB4CDBBB13630ADC7C14F2BB556C98F5CD1DCBECAFFA91629D2D4A4C
                                                                                                                                                                                                                                                                        SHA-512:879B5E95CF7F06E105930724BBC6967B367417DCE390A15DE48BF5CE76CE2435EA4A59095AB67EEE5A05FA41126DDB984C2154ABA34B33FAC895A1CCC2D2A617
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):202648
                                                                                                                                                                                                                                                                        Entropy (8bit):6.566120700945174
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:fr03mcDwt5b2+z615yQ7SLVTnyJYpgerOEmgsRBZnwO4oO8:fg3mrHb2+z615yQ7GnyOpFOEFKD2G
                                                                                                                                                                                                                                                                        MD5:9F50134C8BE9AF59F371F607A6DAA0B6
                                                                                                                                                                                                                                                                        SHA1:6584B98172CBC4916A7E5CA8D5788493F85F24A7
                                                                                                                                                                                                                                                                        SHA-256:DD07117ED80546F23D37F8023E992DE560A1F55A76D1EB6DFD9D55BAA5E3DAD6
                                                                                                                                                                                                                                                                        SHA-512:5CCAFA2B0E2D20034168EE9A79E8EFFF64F12F5247F6772815EF4CB9EE56F245A06B088247222C5A3789AE2DCEFADBC2C15DF4FF5196028857F92B9992B094E0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12502
                                                                                                                                                                                                                                                                        Entropy (8bit):5.40558493486102
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:0egHuderGTd4G9mSZk/8fdtINfbLmJFcSC5xm+9qh07EBS5pekFrLUK80u9ETxst:AHuderlSZk/8FtIF4umMqEpDg3fT
                                                                                                                                                                                                                                                                        MD5:62E1FA241D417668F7C5DA6E4009A5A6
                                                                                                                                                                                                                                                                        SHA1:F887409E3C204A87731F317A999DC7E4CC8D3FCD
                                                                                                                                                                                                                                                                        SHA-256:82E8EF7DF20A86791CEF062F2DCACB1D91B4ADC9F5DEA2FD274886BE8365B2F8
                                                                                                                                                                                                                                                                        SHA-512:2283CBB9E1D5D53AD1ED9BC9DB6034FB3C53C633B11001F373523640BBBBA95DA9A3A0866C7D5FA0620FACAB7D18C8577DFD69496FC7319E0A4A74D0B9E10C45
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--Defines:....--checkbox state defines..cbUnchecked=0..cbChecked=1..cbGrayed=2......--onMouseEvent button defines:..mbLeft=0..mbRight=1..mbMiddle=2..mbExtra1=3..mbExtra2=4......--memo scrollbar defines..ssNone=0..ssHorizontal=1..ssVertical=2..ssBoth=3..ssAutoHorizontal=4..ssAutoVertical=5..ssAutoBoth=6......bsNone=0..bsSingle=1..bsSizeable=2..bsDialog=3..bsToolWindow=4..bsSizeToolWin=5........--scan types: (fast scan methods)..fsmNotAligned=0..fsmAligned=1..fsmLastDigits=2....--rounding types..rtRounded=0..rtExtremerounded=1..rtTruncated=2....--scan options..soUnknownValue=0..soExactValue=1..soValueBetween=2..soBiggerThan=3..soSmallerThan=4..soIncreasedValue=5..soIncreasedValueBy=6..soDecreasedValue=7..soDecreasedValueBy=8..soChanged=9..soUnchanged=10......--debug variables..--Breakpoint methods:..bpmInt3=0..bpmDebugRegister=1..bpmException=2......--Breakpoint triggers:..bptExecute=0..bptAccess=1..bptWrite=2....--breakpoint continue methods:..co_run=0..co_stepinto=1..co_stepover=2....-
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):336600
                                                                                                                                                                                                                                                                        Entropy (8bit):6.344264969706984
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:6LYEDJlXw5pAnHp2ukwTX6N8B4A84zMtEl1knxgaPZ3nbanlYZn2l1S2CAYOpIOs:6LYEDJAAnHp2uk2KNO0tEQV+b3n6
                                                                                                                                                                                                                                                                        MD5:19D52868C3E0B609DBEB68EF81F381A9
                                                                                                                                                                                                                                                                        SHA1:CE365BD4CF627A3849D7277BAFBF2F5F56F496DC
                                                                                                                                                                                                                                                                        SHA-256:B96469B310BA59D1DB320A337B3A8104DB232A4344A47A8E5AE72F16CC7B1FF4
                                                                                                                                                                                                                                                                        SHA-512:5FBD53D761695DE1DD6F0AFD0964B33863764C89692345CAB013C0B1B6332C24DCF766028F305CC87D864D17229D7A52BF19A299CA136A799053C368F21C8926
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1882
                                                                                                                                                                                                                                                                        Entropy (8bit):4.658116184932645
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:60wIlJhxWXs/2h8OjrGCLyO7OjO6NsVhVyQk7FUBL9HuTsx0refVS+IsZZsznGd2:HTP8gE8OvnKy6NsVu7FYLswlW/
                                                                                                                                                                                                                                                                        MD5:CC0F8B66BFEDC67DA8DBB2A7DF2AA006
                                                                                                                                                                                                                                                                        SHA1:C6D86CC43A042581E389DC9A28AFFDDF64294AC8
                                                                                                                                                                                                                                                                        SHA-256:CDDD0F35F7351E6F19486CCD7EEE5D31F0134C5C3554A12C7D51131DDE8E29CD
                                                                                                                                                                                                                                                                        SHA-512:A4AEC40AC6BEA2ADACF15829AEEEBE66117473A542303024669A828710C6AFD072C0F4890A6A334B35AC894A1A80A5BDD5E91A6FFCB7149540E304117A7E5800
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#write down modulenames that are commonly used by games..#this decreases the number of wrong results in various types of memory inspection....1911.dll..speedtreert.dll..visionengineplugin.vplugin..vision90.dll..vbase90.dll..nvscpapi.dll..physxcore.dll #nvidia physx..nxcooking.dll..physxloader.dll..physxextensions.dll..cudart.dll..openal32.dll..vorbisfile.dll..ogg.dll..vorbis.dll..vorbisenc.dll..vorbisfile.dll..binkw32.dll..bink2w64.dll..iconv.dll..gameoverlayrenderer.dll #steam..steam_api.dll..steam_api64.dll..steamclient.dll..steamclient64.dll..tier0_s.dll..vstdlib_s.dll..steam.dll..steam2.dll..mss32.dll..dbghelp.dll..umbra.dll..unrar.dll....#CE dll's..cehook.dll..allochook.dll..allochook-x86_64.dll..allochook-i386.dll..vehdebug-i386.dll..vehdebug-x86_64.dll..speedhack-i386.dll..speedhack-x86_64.dll..luaclient-i386.dll..luaclient-x86_64.dll..d3dhook.dll..d3dhook64.dll..ced3d9hook.dll..ced3d9hook64.dll..ced3d10hook.dll..ced3d10hook64.dll..ced3d11hook.dll..ced3d11hook64.dll..luaclient-
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):140696
                                                                                                                                                                                                                                                                        Entropy (8bit):6.856834819192468
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:onOLYqoZQBD3m7bmVLcuVGpGXlWXQznQN8erRxQEmsYOT1GlERbo3iV8n/7DkCWy:o4YqoZNHi7VBAXvXMZ7ll3iyn3WOR3Oc
                                                                                                                                                                                                                                                                        MD5:42E2BF4210F8126E3D655218BD2AF2E4
                                                                                                                                                                                                                                                                        SHA1:78EFCB9138EB0C800451CF2BCC10E92A3ADF5B72
                                                                                                                                                                                                                                                                        SHA-256:1E30126BADFFFB231A605C6764DD98895208779EF440EA20015AB560263DD288
                                                                                                                                                                                                                                                                        SHA-512:C985988D0832CE26337F774B160AC369F2957C306A1D82FBBFFE87D9062AE5F3AF3C1209768CD574182669CD4495DBA26B6F1388814C0724A7812218B0B8DC74
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):266648
                                                                                                                                                                                                                                                                        Entropy (8bit):6.017604835530295
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:KK2iOI60nWU4NJ4twEywGLOJQbcOL9z32fY8iV1OQfkz5w4Q7hk1D2oOyPOP:KKu0WU4J0w6xJkBAY8i7fkaThkA4g
                                                                                                                                                                                                                                                                        MD5:DD71848B5BBD150E22E84238CF985AF0
                                                                                                                                                                                                                                                                        SHA1:35C7AA128D47710CFDB15BB6809A20DBD0F916D8
                                                                                                                                                                                                                                                                        SHA-256:253D18D0D835F482E6ABBAF716855580EB8FE789292C937301E4D60EAD29531D
                                                                                                                                                                                                                                                                        SHA-512:0CBF35C9D7B09FB57D8A9079EAB726A3891393F12AEE8B43E01D1D979509E755B74C0FB677F8F2DFAB6B2E34A141F65D0CFBFE57BDA0BF7482841AD31ACE7790
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):16718264
                                                                                                                                                                                                                                                                        Entropy (8bit):6.110071636301838
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:393216:sjcp4nsiRMX7ZbqE14ImAfltGYav/HX8h:bbqE1RmLvvY
                                                                                                                                                                                                                                                                        MD5:EDEEF697CBF212B5ECFCD9C1D9A8803D
                                                                                                                                                                                                                                                                        SHA1:E90585899AE4B4385A6D0BF43C516C122E7883E2
                                                                                                                                                                                                                                                                        SHA-256:AC9BCC7813C0063BDCD36D8E4E79A59B22F6E95C2D74C65A4249C7D5319AE3F6
                                                                                                                                                                                                                                                                        SHA-512:1AAA8FC2F9FAFECBE88ABF07FBC97DC03A7C68CC1D870513E921BF3CAEAA97128583293BF5078A69AECBB93BF1E531605B36BD756984DB8D703784627D1877D1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):455072
                                                                                                                                                                                                                                                                        Entropy (8bit):6.627282046325032
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:8NqQopGY6gsnGubx5JbmZl2Wjm+9498RkaGlef/AYbAPrqEThN0dWI/mo1pdUMMe:fQoIfvxCc64fauA0lhydIo1AfDW
                                                                                                                                                                                                                                                                        MD5:E8DFC0D2D41483C7725E4EBB7E32D324
                                                                                                                                                                                                                                                                        SHA1:B2890C91EFBA390B68E481CD2EE311136B740EDE
                                                                                                                                                                                                                                                                        SHA-256:1172F2D7B1FB34408C8FFC248E3E719922843EA07BD5B409BE3405D1C300B3F7
                                                                                                                                                                                                                                                                        SHA-512:539A1BD18D4753D69756B9B7E6603DD6E7A3F354CA002DECE206F7E2F1E2792704F3D80F38B37C0C41F16A1FD9DE32CC4DD5873959D762C5AA13388715EE7803
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):206232
                                                                                                                                                                                                                                                                        Entropy (8bit):6.577803539808585
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:ZyuXZus0fJ34+UZQ5IvR2diworEdVpRmY:nXZgV4dkIJfrEdVt
                                                                                                                                                                                                                                                                        MD5:DE625AF5CF4822DB08035CC897F0B9F2
                                                                                                                                                                                                                                                                        SHA1:4440B060C1FA070EB5D61EA9AADDA11E4120D325
                                                                                                                                                                                                                                                                        SHA-256:3CDB85EE83EF12802EFDFC9314E863D4696BE70530B31E7958C185FC4D6A9B38
                                                                                                                                                                                                                                                                        SHA-512:19B22F43441E8BC72507BE850A8154321C20B7351669D15AF726145C0D34805C7DF58F9DC64A29272A4811268308E503E9840F06E51CCDCB33AFD61258339099
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):55173
                                                                                                                                                                                                                                                                        Entropy (8bit):7.995644990698608
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:1536:aPQbr8Hv6jZwnB8K5vHTcM2b9+lmFD/cEt1kbD5F:Tbr8Hv6ji75vHTx9kD/cquP
                                                                                                                                                                                                                                                                        MD5:3885F7AF9007DF5A9874E61EDBB45F58
                                                                                                                                                                                                                                                                        SHA1:F7A7719E5A9036604CC64922FF2DC4FD40D253DD
                                                                                                                                                                                                                                                                        SHA-256:52EAA08C57AA0BA9737ED4413786DAB747DF4C692F34BF601D4FB0B37F231D08
                                                                                                                                                                                                                                                                        SHA-512:CAFF16F4171D205A1B44B18651FBA7B72D33F7FDD657C5EBA44853B26929B3F48749D9C5B07F158EA903D41C09A905D27D0A4E3D7B6228550B8C255FC64D5A3D
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):386976
                                                                                                                                                                                                                                                                        Entropy (8bit):6.870406853054738
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:e59aKWK/HqY5AXeWEfv6TBr4udWNrrJ710vFTAmJxQIfaCU/MC3O74r/wuMGFYsN:G9WsHse9fvcBrnd8rrR10WUxkCxC3O7S
                                                                                                                                                                                                                                                                        MD5:81633981057858F56BECB3BD316283E9
                                                                                                                                                                                                                                                                        SHA1:F6981034B1A5E23766BA4D40D451D784A1CFF83E
                                                                                                                                                                                                                                                                        SHA-256:4885754E6AC08304858383E47D3ADA425409988871BA6586151143D511488614
                                                                                                                                                                                                                                                                        SHA-512:99886CB451EAE690657AC848B63D58CD8B436849F6D073C5C073B624A6956397AC5AB6B636B1970C60DCE4EB5B3512372A4EC79FC28E9397AFE7D0791466D0A3
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:DOS/MBR boot sector
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):477184
                                                                                                                                                                                                                                                                        Entropy (8bit):5.927630308859684
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:JEgIgQUO3gqHm5DHLj7S0/Y9kwRofaqcEL5jw/ayKImdyoO:Gg/hEm5DrHE9kwRofaqcEL5jw/ayKImD
                                                                                                                                                                                                                                                                        MD5:036B059F8C1CC9AFF3D010E5446BB16C
                                                                                                                                                                                                                                                                        SHA1:450842B84E2FACE167E2D138E4F96317CB255BB3
                                                                                                                                                                                                                                                                        SHA-256:248F3D48664482090D2C8C01B98518777DED1D900E17ACBC077EFE17258411A6
                                                                                                                                                                                                                                                                        SHA-512:4BA5E167A2E3BFE92D43759642AF7BCDB6F4C9EFA30C0F9DE85D6E9758B62FC7ED89FAFDE48910E4E059080E457E3556D23CB1D59B3062C75F81DB9C59B75657
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):201
                                                                                                                                                                                                                                                                        Entropy (8bit):4.465403493165412
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:JW4+sNv/lQBAHpbs/UcUFJKPACcAE8J6Xv:JB+slzs/tUrKcbXv
                                                                                                                                                                                                                                                                        MD5:62771A63FDC87764BFF87D82918AB02A
                                                                                                                                                                                                                                                                        SHA1:8E468DED8CED87A10470BD5594337A854FF344BA
                                                                                                                                                                                                                                                                        SHA-256:5C16124BA0B39214BECB1AF4161BD82147AD8468879A3FD8E9FACC656A1D2E6F
                                                                                                                                                                                                                                                                        SHA-512:8D1792B712504336CAC0B175146F2B7EAEDA043BD3941C7B7C54CF926A4BA4835F0EFF7A2AD5C7B5509F80E7420C3F5F94200D4C3F922DB92B807E20E09A84D0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--This lua script gets loaded when Cheat Engine loads..--You can use this to define some often used functions and libraries you'd like to use....require("defines")....--for documentation read celua.txt
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):122776
                                                                                                                                                                                                                                                                        Entropy (8bit):6.859839225631497
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:QyfNvGKKZVGcuasOKQBBTff07PSZHCSVKOCDCA32XQaOCKnOEPChMOE6:lNvG7vGcIiBTMS18RD7325YO/hMOr
                                                                                                                                                                                                                                                                        MD5:2A2EBE526ACE7EEA5D58E416783D9087
                                                                                                                                                                                                                                                                        SHA1:5DABE0F7586F351ADDC8AFC5585EE9F70C99E6C4
                                                                                                                                                                                                                                                                        SHA-256:E2A7DF4C380667431F4443D5E5FC43964B76C8FCB9CF4C7DB921C4140B225B42
                                                                                                                                                                                                                                                                        SHA-512:94ED0038068ABDDD108F880DF23422E21F9808CE04A0D14299AACC5D573521F52626C0C2752B314CDA976F64DE52C4D5BCAC0158B37D43AFB9BC345F31FDBBC0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (520), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):215333
                                                                                                                                                                                                                                                                        Entropy (8bit):4.786182096058482
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:VcIxsXTXvMeRTWJANaOOwubWiSe65oCmL/+5y/McvJVNry++Ctso2NwVWy+cOcEV:JLSRgun
                                                                                                                                                                                                                                                                        MD5:924416232DF99AEF96A2D9E8125AFE78
                                                                                                                                                                                                                                                                        SHA1:7F29A338CEFA00BE5FCDC8B94C41FFC31EE625B9
                                                                                                                                                                                                                                                                        SHA-256:77C6D324F03A8429BCE858824CFFFCFB7A50D39616D2F9D2729910E086F5AD9A
                                                                                                                                                                                                                                                                        SHA-512:470C55E302C86353584EEABB3510B4EFF6353ED16F549DB7C155B2C8283216F2B413D77C9FE20A12F6F55A07C9BE24614DF3A8F5B2CABF1597010249239D63F5
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:List of CE specific functions and variables:....Global Variables:..TrainerOrigin : A variable that contains the path of the trainer that launched cheat engine (Only set when launched as a trainer)..process : A variable that contains the main modulename of the currently opened process..MainForm: The main ce gui..AddressList: The address list of the main ce gui......Global Functions:..getCEVersion(): Returns a floating point value specifying the version of cheat engine..getCheatEngineFileVersion(): Returns the full version data of the cheat engine version. A raw integer, and a table containing major, minor, release and build....getOperatingSystem(): Returns 0 if CE is running in Windows, 1 for Mac....darkMode(): Returns true if CE is running in windows Dark Mode. Has no effect on mac....activateProtection(): Prevents basic memory scanners from opening the cheat engine process (Not that useful)..enableDRM(altitude OPTIONAL, secondaryprocessid OPTIONAL ) : Prevents normal memory scanners f
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):131480
                                                                                                                                                                                                                                                                        Entropy (8bit):6.84563405497219
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:jRXPVJPMo10+PfXl/IRTlsfQstLh66crJWeWyPCUpfrCWV13P1+CUOEvCvOEMI7:BdJPMlMb1g6e0dU9rf3P7UObvOja
                                                                                                                                                                                                                                                                        MD5:43DAC1F3CA6B48263029B348111E3255
                                                                                                                                                                                                                                                                        SHA1:9E399FDDC2A256292A07B5C3A16B1C8BDD8DA5C1
                                                                                                                                                                                                                                                                        SHA-256:148F12445F11A50EFBD23509139BF06A47D453E8514733B5A15868D10CC6E066
                                                                                                                                                                                                                                                                        SHA-512:6E77A429923B503FC08895995EB8817E36145169C2937DACC2DA92B846F45101846E98191AEB4F0F2F13FFF05D0836AA658F505A04208188278718166C5E3032
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):144280
                                                                                                                                                                                                                                                                        Entropy (8bit):6.553148474736184
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:Kd3u82FbW5v1B9omLKfBbYWFhFCsfa5z8saPFZ1sL3OD1Ow:Kd+NFbWUMKfBTjFxfa5a1y4N
                                                                                                                                                                                                                                                                        MD5:0DAF9F07847CCEB0F0760BF5D770B8C1
                                                                                                                                                                                                                                                                        SHA1:992CC461F67ACEA58A866A78B6EEFB0CBCC3AAA1
                                                                                                                                                                                                                                                                        SHA-256:A2AC2BA27B0ED9ACC3F0EA1BEF9909A59169BC2EB16C979EF8E736A784BF2FA4
                                                                                                                                                                                                                                                                        SHA-512:B4DDA28721DE88A372AF39D4DFBA6E612CE06CC443D6A6D636334865A9F8CA555591FB36D9829B54BC0FB27F486D4F216D50F68E1C2DF067439FE8EBBF203B6A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12807608
                                                                                                                                                                                                                                                                        Entropy (8bit):6.604078603198481
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:393216:ueBcnBaXXA3MnU+239JmqUKSw6knnbWUuMu25s8U:uis/c2GF
                                                                                                                                                                                                                                                                        MD5:5BE6A65F186CF219FA25BDD261616300
                                                                                                                                                                                                                                                                        SHA1:B5D5AE2477653ABD03B56D1C536C9A2A5C5F7487
                                                                                                                                                                                                                                                                        SHA-256:274E91A91A7A520F76C8E854DC42F96484AF2D69277312D861071BDE5A91991C
                                                                                                                                                                                                                                                                        SHA-512:69634D85F66127999EA4914A93B3B7C90BC8C8FAB1B458CFA6F21AB0216D1DACC50976354F7F010BB31C5873CC2D2C30B4A715397FB0E9E01A5233C2521E7716
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:MS Windows HtmlHelp Data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):306758
                                                                                                                                                                                                                                                                        Entropy (8bit):7.936079952495831
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:/UuFqUYSsTDiKebI7F03RPf2rB84daXcXrcURJo8tGgqQdB5+cbsQe/zQXE9LA2:tFhYSsnl0I7FG8S4daC/RGg1bnerQILf
                                                                                                                                                                                                                                                                        MD5:BB80FEC3B6E843B61859914480706CD9
                                                                                                                                                                                                                                                                        SHA1:0CED874BEE5BDA6059B5195911AA117693D9D2DE
                                                                                                                                                                                                                                                                        SHA-256:2D52F9D59211F8906ACE16525721B1400343BDF720F062CF111D84089F129009
                                                                                                                                                                                                                                                                        SHA-512:78D8A024DABD111B59BEEA4DC21150C7FBB3A6924201D2F3FF9E720E4BBC967BBFF285BA2064BC35C260FFDE433C639FDC0252C47AE29B43398117EDA21CF648
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):332704
                                                                                                                                                                                                                                                                        Entropy (8bit):6.512223997122371
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:UokW02RSGoOZQcW2jS95cM0EsZjv8trtH3Vizwy:ZkW02RsOKcWnDdMv8trtX0
                                                                                                                                                                                                                                                                        MD5:E9B5905D495A88ADBC12C811785E72EC
                                                                                                                                                                                                                                                                        SHA1:CA0546646986AAB770C7CF2E723C736777802880
                                                                                                                                                                                                                                                                        SHA-256:3EB9CD27035D4193E32E271778643F3ACB2BA73341D87FD8BB18D99AF3DFFDEA
                                                                                                                                                                                                                                                                        SHA-512:4124180B118149C25F8EA8DBBB2912B4BD56B43F695BF0FF9C6CCC95ADE388F1BE7D440A791D49E4D5C9C350EA113CF65F839A3C47D705533716ACC53DD038F8
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):33688
                                                                                                                                                                                                                                                                        Entropy (8bit):7.20956664617613
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:zVYdpNkp9TvDXy2XmVEV3GPkjVvDXy2ulqwVEV3GPkjL:zVY1+nCDOEECDbOEw
                                                                                                                                                                                                                                                                        MD5:4ACE42D6530AF699FEB2372F805A6A40
                                                                                                                                                                                                                                                                        SHA1:FB8C7352808F104E851468F25D0DD14A25B8CFCA
                                                                                                                                                                                                                                                                        SHA-256:13DCE393B59B9EF4A5D4FCDC27267D018B350BDC44A62AACC5DBC7F1DF7F7A1C
                                                                                                                                                                                                                                                                        SHA-512:8BB770F304CD8BA23FB2A64370D74AC3FDC134235FF39802983B9BABDE12AB00E49A746F3C2113520F0E135CDFD1473C0B4B64272279D13E576912126AA556D2
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):46468
                                                                                                                                                                                                                                                                        Entropy (8bit):7.994038510231404
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:768:knKJWrjSpYCoxMO0HqzZuCxbSbONOirgFENxbWUYfQsQB/ju9x0QhS5d7uuNMRgH:knKJorQO0KcFigi841WUYfQhju9x0OcF
                                                                                                                                                                                                                                                                        MD5:715D61B9BCC484E271775F36865A4CDE
                                                                                                                                                                                                                                                                        SHA1:8AE158AEF6F6005AA3D6E6F8A09A05FD95551784
                                                                                                                                                                                                                                                                        SHA-256:C4B5797588C80520745732B96D7C6681F8420BDF55E426C40B852E56E5630124
                                                                                                                                                                                                                                                                        SHA-512:5C8E462FA504AC91D928617C74E287B598CE326A323C8A05533D4245D018A4A4CC354D05A0568785E7642D8CF779805950D70FE167C456B2D15F8901D714C037
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):446368
                                                                                                                                                                                                                                                                        Entropy (8bit):6.635233277412147
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:aSn7zUunHkqypGYKKOyt8GMyKw0ORVdPpEPwkdRHhvOOZoU/wC/cQBi4Blb:nzU8E9GDWKMRPAZhvpoUOo
                                                                                                                                                                                                                                                                        MD5:069EC7832ADBF93BD04A91B07FF00D78
                                                                                                                                                                                                                                                                        SHA1:5ED84D13FFCEF487EB039CD75DE91294C25ED0CC
                                                                                                                                                                                                                                                                        SHA-256:8C8C608AE67F8B8A4E56DAF2EDEA1A92CBA6866D4F324BD0E5AD1284126849A7
                                                                                                                                                                                                                                                                        SHA-512:D9E9D40DE2509B112762ADE7EF0BB6DB91EB5687AE6EA9689ABD7A7AF8BA601297655587EEF34F7D1DAC62D77E5B586BE71B19F044EBF53028CFE90DDCE776F8
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):149912
                                                                                                                                                                                                                                                                        Entropy (8bit):6.586184520889439
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:/20T06lYodB6ZcnHgSFulvfV0tYP/ipaQ8PFRBIiOBNOW:1Y6bdB6uHgSwtfV0+P/is1BIpD
                                                                                                                                                                                                                                                                        MD5:0EAAC872AADC457C87EE995BBF45A9C1
                                                                                                                                                                                                                                                                        SHA1:5E9E9B98F40424AD5397FC73C13B882D75499D27
                                                                                                                                                                                                                                                                        SHA-256:6F505CC5973687BBDA1C2D9AC8A635D333F57C12067C54DA7453D9448AB40B8F
                                                                                                                                                                                                                                                                        SHA-512:164D1E6EF537D44AC4C0FD90D3C708843A74AC2E08FA2B3F0FDD4A180401210847E0F7BB8EC3056F5DC1D5A54D3239C59FB37914CE7742A4C0EB81578657D24B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1491
                                                                                                                                                                                                                                                                        Entropy (8bit):5.150461183336365
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:c3UnepmoqbOOrYFlrJYrYFIzLQ9Zonc432smXOkuEWRO632s3yOtTf1p13to+Zqh:xOOrYj2rYCzeqnc432sem32s3xtD13tQ
                                                                                                                                                                                                                                                                        MD5:1EE5923E90E9DB03EF80F6DA5C14FB7B
                                                                                                                                                                                                                                                                        SHA1:BCB456DB885C932605F4DCFFABBF771BC7CB5C41
                                                                                                                                                                                                                                                                        SHA-256:1A971954CD09C202E73E625329EE4DDF7291C7C0E155A1086DA7FAAC1957C94B
                                                                                                                                                                                                                                                                        SHA-512:8A008D4FAEE52F76A6C9024DE88963261730FA12EB54B0BE5FB80F8CC02CF7FEC0EFC126A209A646BE17D91B78FFC2E54BAAB7E346474BCFFFD92D3C942E959F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:Copyright 2018 Alex Ionescu. All rights reserved.....Redistribution and use in source and binary forms, with or without modification, are permitted provided..that the following conditions are met:..1. Redistributions of source code must retain the above copyright notice, this list of conditions and.. the following disclaimer...2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions.. and the following disclaimer in the documentation and/or other materials provided with the.. distribution.....THIS SOFTWARE IS PROVIDED BY ALEX IONESCU ``AS IS'' AND ANY EXPRESS OR IMPLIED..WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND..FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ALEX IONESCU..OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR..CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS..OR SERVICES; LOSS OF USE,
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):132
                                                                                                                                                                                                                                                                        Entropy (8bit):6.551821770808043
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:SNjBeQx+FGOujzBAk+skvy2a4nfJKnBTa6C:+jkk+dsAk+Fzag+BTab
                                                                                                                                                                                                                                                                        MD5:ADAFB7CDCA51FC803718F25172652DD3
                                                                                                                                                                                                                                                                        SHA1:DD882B60A842B0992F478349898415A857934330
                                                                                                                                                                                                                                                                        SHA-256:B1B61B2570DBAF2747C4862B8429424514D300A7E14B5065C8BBB4B751179E7E
                                                                                                                                                                                                                                                                        SHA-512:D0B3D17F0F1EFB8F2F0BCAA1295AED08043F0218BCFA092A47D46308911EC4BC2441711CAB300B852DE3DBCED1C83536750B1A77A75EAE5C8CBF95991AA88714
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):309664
                                                                                                                                                                                                                                                                        Entropy (8bit):5.8237432164000404
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:TDwf7I4zq0ZDVQ5uIqp5rkenPajp80Gc5:T0f7Bz/G5uImQaPajp3
                                                                                                                                                                                                                                                                        MD5:59089C96334966EDFFC70BF4AE829910
                                                                                                                                                                                                                                                                        SHA1:8DC37D6F2364749D52DB1BCB9AD9FE30FB93930D
                                                                                                                                                                                                                                                                        SHA-256:49A55638C5A0F8112B89C45A24A2BCD102FF5DE2D22386649D7F6FFD283AF1FD
                                                                                                                                                                                                                                                                        SHA-512:3EDD411905298FDE78DF57B063B4B2000FA2D16F0E1A14E8940D4FBC2226C1CBA6925C47D3BECC10E76BBA9C5864CF671F5EF3B29CFA430823D0FA9BF9BBC3A9
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1113504
                                                                                                                                                                                                                                                                        Entropy (8bit):5.932626447270598
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:3+hKmLazchlUT5PzJXmGFYKUeMzkMz7S480UJ+RNdO24a/s0X4G:Uy4n8VWGQdS480U4RN20X4G
                                                                                                                                                                                                                                                                        MD5:CCD151D8EE8ED05AA0E1D9142FD6E438
                                                                                                                                                                                                                                                                        SHA1:8D343BBC1A6F2D5D9ED8813427635696291C8F0D
                                                                                                                                                                                                                                                                        SHA-256:5C929F453DB7F0703BC8F939E39D48C79ECAB9E453918E5D0CD136C8026474CC
                                                                                                                                                                                                                                                                        SHA-512:DCB0B9A9B2908D5D55214F6A261B0A8C08889603CFABC327A7A82387012925BBF486B5C28B5250E9449FF9758748A021023C99EE02B59ABBB7B3C979A06DAEB4
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):386976
                                                                                                                                                                                                                                                                        Entropy (8bit):6.870368063282166
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:359aKWK/HqY5AXeWEfv6TBr4udWNrzJD10P9TQmxhAIXiCUXEC+Y4r/w2MGkTkm/:J9WsHse9fvcBrnd8rzZ10eMhEChC+Ygi
                                                                                                                                                                                                                                                                        MD5:486237BC5FA41DCE8C3022B9B6221FE5
                                                                                                                                                                                                                                                                        SHA1:C00BA51895DEAB2054C6F0F7DD3CF397E119C6FE
                                                                                                                                                                                                                                                                        SHA-256:4E2C87700CCDD3B34215C6BC64AE4582AC5FF373CFD3E93E8F7D2016960BA80D
                                                                                                                                                                                                                                                                        SHA-512:5F4010D8F9B0C865DE209E90625F178C8A7370AF1F7BE85552147EBD9EE7D033B01DD5A277FB646E2D289D2821462ADBB0959E507CD0A044CE79CB1C526A385B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3403192
                                                                                                                                                                                                                                                                        Entropy (8bit):6.035185815441339
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:49152:ar2V9BrWblVbqS1+Cxz0MB95D//ocnaMo6WuDgRPZO/Y12y6Pu:aqV9BqzbqSR009StqG
                                                                                                                                                                                                                                                                        MD5:1C1630B241D5A6BE07BFBA2B3EA97A25
                                                                                                                                                                                                                                                                        SHA1:7203255D1A6021874D41A48FCD5719FD7034F34C
                                                                                                                                                                                                                                                                        SHA-256:526CDDD0D843F5984AC6CB98D28F22B090682C3A8704122B644EC8AE2C9A10E5
                                                                                                                                                                                                                                                                        SHA-512:BDDEDB575FEBF8C8103CFBB1981FD1D5F20D2E0F1D6F4252A98930D587420A69750DDC1BE46932CDF979B8633054321F462557D88349459E111BE43139BEFF4A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):187288
                                                                                                                                                                                                                                                                        Entropy (8bit):6.46399109534477
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:XMTS4QqrM7BqUHEwXDVT6B8AF6aBBcFkLODeYJObCkEjOUkOG:XIQqrc7V5Trw6aBBcFk6CtbID4
                                                                                                                                                                                                                                                                        MD5:4A3B7C52EF32D936E3167EFC1E920AE6
                                                                                                                                                                                                                                                                        SHA1:D5D8DAA7A272547419132DDB6E666F7559DBAC04
                                                                                                                                                                                                                                                                        SHA-256:26EDE848DBA071EB76C0C0EF8E9D8AD1C53DFAB47CA9137ABC9D683032F06EBB
                                                                                                                                                                                                                                                                        SHA-512:36D7F8A0A749DE049A830CC8C8F0D3962D8DCE57B445F5F3C771A86DD11AAA10DA5F36F95E55D3DC90900E4DBDDD0DCC21052C53AA11F939DB691362C42E5312
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):308120
                                                                                                                                                                                                                                                                        Entropy (8bit):6.921402988579037
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:3QMsoykzuYV4SPaa/Gr+RBmRQ5wipE04CIcFw6eAwE5Sm1Q5jsV+XkO4qOT:3NJyTuxkC57IZEzGmT
                                                                                                                                                                                                                                                                        MD5:462322CC93E55016D5EA78B2B9823657
                                                                                                                                                                                                                                                                        SHA1:3E8E00B690A4370D6F2DFDCF730F2D3FDA4806A6
                                                                                                                                                                                                                                                                        SHA-256:AEDC048FCFEC594E7307E4730D850E5E0121820A76CA1A363F4A2E41D084F393
                                                                                                                                                                                                                                                                        SHA-512:A46E56130A8D1CA588D9935D98468543328B42492F1257157D2C7FD99AC341E8A22337AC2228AECF33A70913A7E7161B300BB458E1C07D5D0B94A7AA1DD72D79
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):205720
                                                                                                                                                                                                                                                                        Entropy (8bit):6.5406944146931805
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:KNyaW1Pg7kFtOp8+vRha0DAyheYn13qaIhRFXOucMEx33sOZrcOo:KNyal78m8+vRMEe4a4OEtTi
                                                                                                                                                                                                                                                                        MD5:6E00495955D4EFAAC2E1602EB47033EE
                                                                                                                                                                                                                                                                        SHA1:95C2998D35ADCF2814EC7C056BFBE0A0EB6A100C
                                                                                                                                                                                                                                                                        SHA-256:5E24A5FE17EC001CAB7118328A4BFF0F2577BD057206C6C886C3B7FB98E0D6D9
                                                                                                                                                                                                                                                                        SHA-512:2004D1DEF322B6DD7B129FE4FA7BBE5D42AB280B2E9E81DE806F54313A7ED7231F71B62B6138AC767288FEE796092F3397E5390E858E06E55A69B0D00F18B866
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):399264
                                                                                                                                                                                                                                                                        Entropy (8bit):6.025523802176381
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:G0N02KsbnIU70vYrRHAjC0Y0glwgugEnoSE5jq:U2tIUYArRv0Y0glwgugEnoSE5jq
                                                                                                                                                                                                                                                                        MD5:F921416197C2AE407D53BA5712C3930A
                                                                                                                                                                                                                                                                        SHA1:6A7DAA7372E93C48758B9752C8A5A673B525632B
                                                                                                                                                                                                                                                                        SHA-256:E31B233DDF070798CC0381CC6285F6F79EA0C17B99737F7547618DCFD36CDC0E
                                                                                                                                                                                                                                                                        SHA-512:0139EFB76C2107D0497BE9910836D7C19329E4399AA8D46BBE17AE63D56AB73004C51B650CE38D79681C22C2D1B77078A7D7185431882BAF3E7BEF473AC95DCE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2086
                                                                                                                                                                                                                                                                        Entropy (8bit):4.748005607182281
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:HZooJUJAimKakohOgM4TDB6liofD0x6g8W:HioemKakaOgM4J6l5C6g8W
                                                                                                                                                                                                                                                                        MD5:650C02FC9F949D14D62E32DD7A894F5E
                                                                                                                                                                                                                                                                        SHA1:FA5399B01AADD9F1A4A5632F8632711C186EC0DE
                                                                                                                                                                                                                                                                        SHA-256:C4D23DB8EFFB359B4AA4D1E1E480486FE3A4586CE8243397A94250627BA4F8CC
                                                                                                                                                                                                                                                                        SHA-512:F2CAAF604C271283FC7AF3AA9674B9D647C4AC53DFFCA031DBF1220D3ED2E867943F5409A95F41C61D716879BED7C888735F43A068F1CC1452B4196D611CB76D
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview://credits: ms d3d tutorials which I hacked apart....Texture2D txDiffuse : register( t0 );..SamplerState samLinear : register( s0 );....cbuffer ConstantBuffer : register( b0 )..{....float4x4 rotation;.. float2 originpoint;...float2 translation;...float2 scaling;...float transparency;....float garbage;...}..........//--------------------------------------------------------------------------------------..struct VS_INPUT..{.. float4 Pos : POSITION;.. float2 Tex : TEXCOORD0;..};....struct PS_INPUT..{.. float4 Pos : SV_POSITION;.. float2 Tex : TEXCOORD0;..};......//--------------------------------------------------------------------------------------..// Vertex Shader..//--------------------------------------------------------------------------------------..PS_INPUT VS( VS_INPUT input )..{.... PS_INPUT r=input;.. float4 rp;........ r.Pos[0]-=originpoint[0];.. r.Pos[1]+=originpoint[1];.. r.Pos=mul(r.Pos, rotation);.... r.Pos[0]+=originpoint[0];.. r.Pos[
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):132
                                                                                                                                                                                                                                                                        Entropy (8bit):6.593562490537789
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:O18qyj/0fZMX/ferOk9OWtW2kdT0PgluBKd9cCkAl8F:O10/3er/X1Y4BKtJuF
                                                                                                                                                                                                                                                                        MD5:A4B42FDCA7043792CCC37C611DB21075
                                                                                                                                                                                                                                                                        SHA1:17CBF2EC6ECA6BD0CAF1DA78AF51D9F363151168
                                                                                                                                                                                                                                                                        SHA-256:8B8955524079508FEC59D396A891110660AE2486F24BC8BCBCDBCC975BB49AE7
                                                                                                                                                                                                                                                                        SHA-512:B6877F5B5B88A9B05A85F562D975A8820ACAC3773AA5FB91CEB1DA6C731C90C486A6AAF78DF6EDCF69B0EA74286DC7CC8FA2CBF98453539EFA55EC18D38116BB
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):456096
                                                                                                                                                                                                                                                                        Entropy (8bit):6.635086574093954
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:tTaB+hAvavjZihpuXh9js6zMxfdKCXbRRUsQHoh3+KZ+a3cnldkEBX/zrMMZKUjo:haBtvavY6XhNrzSk2gxQ3Wn7kw3o
                                                                                                                                                                                                                                                                        MD5:AA97F366592E0FA41D2D2F61765CA7D5
                                                                                                                                                                                                                                                                        SHA1:BE85DAF3B07E66225CD4167F96ED6292CCE54E1E
                                                                                                                                                                                                                                                                        SHA-256:D63036771F21AE7E056F2211CB560BFCF79ADE356B59D8F462050B2DD840E86C
                                                                                                                                                                                                                                                                        SHA-512:F16D3F899504EF556D186BEBE1A526D9999454AB60697CDE221130720AB8154003543A62C4E53124C902E51FCF62B653C914B316DA0E3766DF5026E386DD47CC
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):262552
                                                                                                                                                                                                                                                                        Entropy (8bit):6.029187209935358
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:JViiO5Ea9m3XJusq4opSm7Im9SC2w/iKhF58jfq65bgusSVIRZOl0vDoD4CfOMsj:JVZcWJusRPm7kCdKfkkApZt
                                                                                                                                                                                                                                                                        MD5:19B2050B660A4F9FCB71C93853F2E79C
                                                                                                                                                                                                                                                                        SHA1:5FFA886FA019FCD20008E8820A0939C09A62407A
                                                                                                                                                                                                                                                                        SHA-256:5421B570FBC1165D7794C08279E311672DC4F42CB7AE1CBDDCD7EEA0B1136FFF
                                                                                                                                                                                                                                                                        SHA-512:A93E47387AB0D327B71C3045B3964C7586D0E03DDDB2E692F6671FB99659E829591D5F23CE7A95683D82D239BA7D11FB5A123834629A53DE5CE5DBA6AA714A9A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):242616
                                                                                                                                                                                                                                                                        Entropy (8bit):6.432754517349666
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:Bj9mOBuELLZXBJPCR6ygny56rs+iO2AwCNCtALb44TPk3Ap1rleY/DptNH/P0uHV:fn7LhBJ9W56A+iOlfN/LbZnbptN0uZH
                                                                                                                                                                                                                                                                        MD5:9AF96706762298CF72DF2A74213494C9
                                                                                                                                                                                                                                                                        SHA1:4B5FD2F168380919524ECCE77AA1BE330FDEF57A
                                                                                                                                                                                                                                                                        SHA-256:65FA2CCB3AC5400DD92DDA5F640445A6E195DA7C827107260F67624D3EB95E7D
                                                                                                                                                                                                                                                                        SHA-512:29A0619093C4C0ECF602C861EC819EF16550C0607DF93067EAEF4259A84FD7D40EB88CD5548C0B3B265F3CE5237B585F508FDD543FA281737BE17C0551163BD4
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):161688
                                                                                                                                                                                                                                                                        Entropy (8bit):6.832669552984183
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:K3uc99F6AOdjfTOZztxlGWGXLQbcpNk6FowD6QcEY7Xjl5hf8keDQa/c7usWjcd6:K3ukXTNGp7+6zaEY7Zf/a0ye3ZoOvKOS
                                                                                                                                                                                                                                                                        MD5:DF443813546ABCEF7F33DD9FC0C6070A
                                                                                                                                                                                                                                                                        SHA1:635D2D453D48382824E44DD1E59D5C54D735EE2C
                                                                                                                                                                                                                                                                        SHA-256:D14911C838620251F7F64C190B04BB8F4E762318CC763D993C9179376228D8CA
                                                                                                                                                                                                                                                                        SHA-512:9F9BEA9112D9DB9BCECFC8E4800B7E8032EFB240CBBDDAF26C133B4CE12D27B47DC4E90BC339C561714BC972F6E809B2EC9C9E1FACC6C223FBAC66B089A14C25
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):541592
                                                                                                                                                                                                                                                                        Entropy (8bit):6.56379573889746
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:FshVOadaiL9mUHQMpgL8LgpqClZNKX6SumisBEb/NUidzSky3uDMK/LXTMBQqN5T:hOL9J2L8E5VKKSuLGEhXGstCXoYkc7BV
                                                                                                                                                                                                                                                                        MD5:B7C9F1E7E640F1A034BE84AF86970D45
                                                                                                                                                                                                                                                                        SHA1:F795DC3D781B9578A96C92658B9F95806FC9BDDE
                                                                                                                                                                                                                                                                        SHA-256:6D0A06B90213F082CB98950890518C0F08B9FC16DBFAB34D400267CB6CDADEFF
                                                                                                                                                                                                                                                                        SHA-512:DA63992B68F1112C0D6B33E6004F38E85B3C3E251E0D5457CD63804A49C5AA05AA23249E0614DACAD4FEC28CA6EFDB5DDEE06DA5BFBFA07E21942976201079F3
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):132
                                                                                                                                                                                                                                                                        Entropy (8bit):6.561254441246199
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:OP/KrtviZQl8kimG0bj/xeRBtjajKdp2tAdNQL6aj:8/XQl823j5eRBtOjK2tGNe6aj
                                                                                                                                                                                                                                                                        MD5:735EAEA06DAE6CD67680127419FBA366
                                                                                                                                                                                                                                                                        SHA1:A38126141A4266CDBA17B22CBC4588D88CCFCEB5
                                                                                                                                                                                                                                                                        SHA-256:5A2D3E0F10E3701DFB251C3F270B00493CEAD1C3D1CEB34FF976D70C57DC1B58
                                                                                                                                                                                                                                                                        SHA-512:92374BDC99BDDDCC2A8B74049B9FF1623EE03B505BA2607E31301F95F2DF8EF3513ECAD4491E2B6B61934F64816E3E9AD3FA3B0914E96D6E55A4B4DF4ED5E028
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3223968
                                                                                                                                                                                                                                                                        Entropy (8bit):6.338087367720092
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:49152:vdx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEjT333TYfx:0HDYsqiPRhINnq95FoHVBT333T+
                                                                                                                                                                                                                                                                        MD5:9AA2ACD4C96F8BA03BB6C3EA806D806F
                                                                                                                                                                                                                                                                        SHA1:9752F38CC51314BFD6D9ACB9FB773E90F8EA0E15
                                                                                                                                                                                                                                                                        SHA-256:1B81562FDAEAA1BC22CBAA15C92BAB90A12080519916CFA30C843796021153BB
                                                                                                                                                                                                                                                                        SHA-512:B0A00082C1E37EFBFC2058887DB60DABF6E9606713045F53DB450F16EBAE0296ABFD73A025FFA6A8F2DCB730C69DD407F7889037182CE46C68367F54F4B1DC8D
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):183200
                                                                                                                                                                                                                                                                        Entropy (8bit):6.842191242335636
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4210080
                                                                                                                                                                                                                                                                        Entropy (8bit):6.041283402178925
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):443296
                                                                                                                                                                                                                                                                        Entropy (8bit):6.630155817797785
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3208608
                                                                                                                                                                                                                                                                        Entropy (8bit):6.4378051911330445
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):140184
                                                                                                                                                                                                                                                                        Entropy (8bit):6.5832665674944435
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):423328
                                                                                                                                                                                                                                                                        Entropy (8bit):6.077270660749132
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):16708024
                                                                                                                                                                                                                                                                        Entropy (8bit):6.11289505731243
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):99199
                                                                                                                                                                                                                                                                        Entropy (8bit):7.9924368254113025
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:1536:CGNxLS1cRzW1Dx15WXGNp7u4A3AP6ovMlJEyWYykDQdTkQRWMJv2kXWMFopxLZq5:QcFW1DdDrTP6o0jEyERskXepHqz9
                                                                                                                                                                                                                                                                        MD5:EC8679FCB11314E333F6518113F1D71E
                                                                                                                                                                                                                                                                        SHA1:F6642D2551238733324141810B12C964FFE3B518
                                                                                                                                                                                                                                                                        SHA-256:45CFE56AE9CBB58FC51700425A19771C87029F63CB1A96CB258AEBE6AEE9D37A
                                                                                                                                                                                                                                                                        SHA-512:71EF7CBACD90317D32B0E4E81F64B6A4BABF644A1391396E9FF6C000C902660CFE87E5A86DF456EF5FB2DE0E6688BBF0778AB917D98BC86FB81AEA658672B4DB
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):135064
                                                                                                                                                                                                                                                                        Entropy (8bit):6.612681349758152
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:ZGrrgbU27p/nFdpF/vwFLUjh2v5VjObfSVMPFtE8PdYO3kOc:crk3ZFdpRYUjh2verh6
                                                                                                                                                                                                                                                                        MD5:2AF7AFE35AB4825E58F43434F5AE9A0F
                                                                                                                                                                                                                                                                        SHA1:B67C51CAD09B236AE859A77D0807669283D6342F
                                                                                                                                                                                                                                                                        SHA-256:7D82694094C1BBC586E554FA87A4B1ED6EBC9EB14902FD429824DCD501339722
                                                                                                                                                                                                                                                                        SHA-512:23B7C6DB0CB9C918AD9F28FA0E4E683C7E2495E89A136B75B7E1BE6380591DA61B6FB4F7248191F28FD3D80C4A391744A96434B4AB96B9531B5EBB0EC970B9D0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):132
                                                                                                                                                                                                                                                                        Entropy (8bit):6.608714005689305
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:/toxN4m4GbUss7S2tY1wnwi9DU4liplagVMlWqOUFgaUSR708:Lm4GbnkSHunwlaiplNmlVOUaar08
                                                                                                                                                                                                                                                                        MD5:FE5E5B8B50F441DD772BFA1996AC744E
                                                                                                                                                                                                                                                                        SHA1:11D00533ADE98E94C7C6609F4E4B002A94CB440C
                                                                                                                                                                                                                                                                        SHA-256:A769BC72C97106722BF5CE8D76AFDC3EC54FC38931872B0637D8B7A281FFFE22
                                                                                                                                                                                                                                                                        SHA-512:559FB92A2C58B84AC1CDA6115AA175B0285EA98903EB1F6C91E3A0ECF39F6D667711F97D0EFF8CD98BA25256EC7B339E38D892A90186DB482587E1A80462A6EB
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):271256
                                                                                                                                                                                                                                                                        Entropy (8bit):6.040002515360521
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:XcxPVJy83/NkY56owwouBQGsyTfkaiX6P0a:XkPV483FB56wsyTfkOJ
                                                                                                                                                                                                                                                                        MD5:F9C562B838A3C0620FB6EE46B20B554C
                                                                                                                                                                                                                                                                        SHA1:5095F54BE57622730698B5C92C61B124DFB3B944
                                                                                                                                                                                                                                                                        SHA-256:E08B035D0A894D8BEA64E67B1ED0BCE27567D417EAAA133E8B231F8A939E581D
                                                                                                                                                                                                                                                                        SHA-512:A20BC9A442C698C264FEF82AA743D9F3873227D7D55CB908E282FA1F5DCFF6B40C5B9CA7802576EF2F5A753FD1C534E9BE69464B29AF8EFEC8B019814B875296
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):36018
                                                                                                                                                                                                                                                                        Entropy (8bit):7.994007484272608
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:768:9vQvLQOAupOW0bBJ8RkEgh+zhlrKlfaMfToatTCCRFxg4Oaun:9Yv1bpOW0bBJ8goVUsMfcUvzOaun
                                                                                                                                                                                                                                                                        MD5:927EF77EFDA84808C9088632C76843E5
                                                                                                                                                                                                                                                                        SHA1:AA73E4C27F8A00DF4C9B8BD05088D483B5F8FF9B
                                                                                                                                                                                                                                                                        SHA-256:422A2989BABB5E9512C98B3FA24C4F5A0BA9A72C3C71A920C5F979316E1674C7
                                                                                                                                                                                                                                                                        SHA-512:98B6BA444008B5978D65FA83487465D700D6EEE721CE8990F1D2E034945F7650E7031E4B9E18C945FE81C6919E5213750DC4E2D86829988E25A3B237559E90E8
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):210336
                                                                                                                                                                                                                                                                        Entropy (8bit):6.575377720318411
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:vWMJUr2f2Im9kj/FqgmHpJ1/YCVuIB9Vxv7bn1UC9gfkCeEWHFP0jHzP0Q:vWc02f2R6FqgoJ1boIPRUsfGjQQ
                                                                                                                                                                                                                                                                        MD5:A2C0B5D0D9E5C2A2C774E8B587850447
                                                                                                                                                                                                                                                                        SHA1:C8AA4CB01676D57B34AAB22C7FD018B63DFF6892
                                                                                                                                                                                                                                                                        SHA-256:F0F3D0FAD632D9DDAC8FF0B4EAEC20094FA0F9ABDDF784954DFBB0723A997F21
                                                                                                                                                                                                                                                                        SHA-512:85F4AEB562424ABF0E2BC5EDE0CDF0052FBB15E7DF70F691C11B06171A8A45A6672C2C688CD5B6FFEBEE16C36FDAC7978E39CA04F8C29F75D588D2ACA3599395
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1767
                                                                                                                                                                                                                                                                        Entropy (8bit):4.60229123925247
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:create a language folder for your country (appropriate folder names are in the format of: en_US, nl_NL, ru_RU, etc...)..copy the .po files to the appropriate folder and then start editing ......Order of picking:.. if there is a cheatengine.po it will pick that, else cheatengine-x86_64.po and if that fails cheatengine-i386.po.. the 32-bit version can work perfectly fine with the 64-bit po.... Same for the tutorial......By default it picks the system language, but you can overide this by adding --LANG langstr or -l langstr to the parameters of Cheat Engine......editing po files...There are some po editing tools but you can also do it by hand..msgid contains the original string and msgstr contains the translated string...If msgstr is empty the original string will be shown....Certain strings are not present in the cheatengine.po file, but are present in lclstrconsts.po..The lclstrconsts.po file belongs to the LCL that the Cheat Engine GUI is build upon......Custom name for your transla
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4485
                                                                                                                                                                                                                                                                        Entropy (8bit):4.847226854261297
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#: java-AAF..msgid "Auto assembler failed:"..msgstr ""....#: java-JEST..msgid "Java:eventserver terminated"..msgstr ""....#: java-JD..msgid "Java:Disconnected"..msgstr ""....#: java-JUER..msgid "Java:Unexpected event received"..msgstr ""....#: java-JEHT..msgid "Java:Event handler terminating"..msgstr ""....#: java-IJS..msgid "Invalid java signature"..msgstr ""....#: java-ARTANS..msgid "Array return types are not supported"..msgstr ""....#: java-PCDNM..msgid "Parameter count does not match"..msgstr ""....#: java-SWNS..msgid "Scantype was not set"..msgstr ""....#: java-Class..msgid "Class"..msgstr ""....#: java-Method..msgid "Method"..msgstr ""....#: java-Position..msgid "Position"..msgstr ""....#: java-MI..msgid "More info %s.%s(%d)"..msgstr ""....#: java-TDMATGV..msgid "The following methods accessed the given variable"..msgstr ""....#: java-results..msgid "results"..msgstr ""....#: java-OWWTJAILAS..msgid "java_find_what_writes only works when the jvmti agent is launched at start"..msg
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):284
                                                                                                                                                                                                                                                                        Entropy (8bit):4.462768521135749
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#: SS-OaPF..msgid "Open a process first"..msgstr ""....#: SS-CESF..msgid "Cheat Engine Scan files"..msgstr ""....#: SS-OaPFDaS..msgid "Open a process first and do a scan"..msgstr ""....#: SS-SSS..msgid "Save scan session"..msgstr ""....#: SS-LSS..msgid "Load scan session"..msgstr ""
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:GNU gettext message catalogue, ASCII text, with very long lines (516), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):28896
                                                                                                                                                                                                                                                                        Entropy (8bit):4.8485599257299
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:msgid ""..msgstr "Content-Type: text/plain; charset=UTF-8"....#: tform1.btnok.caption..msgctxt "tform1.btnok.caption"..msgid "OK"..msgstr ""....#: tform1.button1.caption..msgctxt "tform1.button1.caption"..msgid "Next"..msgstr ""....#: tform1.caption..msgid "Cheat Engine Tutorial v3.4"..msgstr ""....#: tform1.edtpassword.hint..msgid "Use this to go imeadiatly to the step you want to try"..msgstr ""....#: tform1.edtpassword.text..msgid "090453"..msgstr ""....#: tform1.label1.caption..msgid "Password"..msgstr ""....#: tform10.button3.caption..msgid "Restart game"..msgstr ""....#: tform10.button4.caption..msgctxt "tform10.button4.caption"..msgid "Attack"..msgstr ""....#: tform10.button5.caption..msgctxt "tform10.button5.caption"..msgid "Attack"..msgstr ""....#: tform10.button6.caption..msgctxt "tform10.button6.caption"..msgid "Restart game and autoplay"..msgstr ""....#: tform10.button7.caption..msgctxt "tform10.button7.caption"..msgid "Attack"..msgstr ""....#: tform10.button8.caption..msgc
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):772
                                                                                                                                                                                                                                                                        Entropy (8bit):5.014428182186076
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#: VC-U2CVICNEL..msgid "Unable to check version (Invalid content, not enough lines)"..msgstr ""....#: VC-U2CVIC..msgid "Unable to check version (Invalid content)"..msgstr ""......#: VC-CFNV..msgid "Check for new version"..msgstr ""....#: VC-NCA..msgid "Cheat Engine %s is available at www.cheatengine.org. Go there now?"..msgstr ""......#: VC-UP2D..msgid "You are up to date. The latest version is %s"..msgstr ""....#: VC-WTF..msgid "Unable to check version (Can't connect)"..msgstr ""....#: VC-UPDATETO..msgid "Update to %s"..msgstr ""....#: VC-UPDATETO..msgid "In how many days should I notify you again?"..msgstr ""....#: VC-SETTINGS-TEXT..msgid "Check for updates when Cheat Engine starts"..msgstr ""......#: VC-INTERVAL..msgid "Interval(days):"..msgstr ""............
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:GNU gettext message catalogue, ASCII text, with very long lines (332), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):453577
                                                                                                                                                                                                                                                                        Entropy (8bit):4.778949128243926
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:msgid ""..msgstr "Content-Type: text/plain; charset=UTF-8"....#: aboutunit.rsareyousureyouwanttolaunchdbvm..msgid "Are you sure you want to launch DBVM? You seem to be running in 32-bit, so don't really need it that badly (Except for ultimap and cloaked operations)"..msgstr ""....#: aboutunit.rsdidyoureallythinkyoudfindaneastereggbydoingthiswel..msgid "Did you really think you'd find an easter egg by doing this? Well, you know what? You where right!"..msgstr ""....#: aboutunit.rslaunchdbvmwasnotassigned..msgid "launchdbvm was not assigned"..msgstr ""....#: aboutunit.rsthismeansthatyourecurrentlynotrunningdbvm..msgid "This means that you're currently not running dbvm, but that your system is capable of running it"..msgstr ""....#: aboutunit.rsthismeansthatyoursystemisrunningdbvm..msgid "This means that your system is running dbvm. This means ce will make use of some advanced tools that are otherwise unavailable"..msgstr ""....#: aboutunit.rsthismeansthatyouwillneedanewcpuinteltobeableto
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4485
                                                                                                                                                                                                                                                                        Entropy (8bit):4.847226854261297
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#: java-AAF..msgid "Auto assembler failed:"..msgstr ""....#: java-JEST..msgid "Java:eventserver terminated"..msgstr ""....#: java-JD..msgid "Java:Disconnected"..msgstr ""....#: java-JUER..msgid "Java:Unexpected event received"..msgstr ""....#: java-JEHT..msgid "Java:Event handler terminating"..msgstr ""....#: java-IJS..msgid "Invalid java signature"..msgstr ""....#: java-ARTANS..msgid "Array return types are not supported"..msgstr ""....#: java-PCDNM..msgid "Parameter count does not match"..msgstr ""....#: java-SWNS..msgid "Scantype was not set"..msgstr ""....#: java-Class..msgid "Class"..msgstr ""....#: java-Method..msgid "Method"..msgstr ""....#: java-Position..msgid "Position"..msgstr ""....#: java-MI..msgid "More info %s.%s(%d)"..msgstr ""....#: java-TDMATGV..msgid "The following methods accessed the given variable"..msgstr ""....#: java-results..msgid "results"..msgstr ""....#: java-OWWTJAILAS..msgid "java_find_what_writes only works when the jvmti agent is launched at start"..msg
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):772
                                                                                                                                                                                                                                                                        Entropy (8bit):5.014428182186076
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#: VC-U2CVICNEL..msgid "Unable to check version (Invalid content, not enough lines)"..msgstr ""....#: VC-U2CVIC..msgid "Unable to check version (Invalid content)"..msgstr ""......#: VC-CFNV..msgid "Check for new version"..msgstr ""....#: VC-NCA..msgid "Cheat Engine %s is available at www.cheatengine.org. Go there now?"..msgstr ""......#: VC-UP2D..msgid "You are up to date. The latest version is %s"..msgstr ""....#: VC-WTF..msgid "Unable to check version (Can't connect)"..msgstr ""....#: VC-UPDATETO..msgid "Update to %s"..msgstr ""....#: VC-UPDATETO..msgid "In how many days should I notify you again?"..msgstr ""....#: VC-SETTINGS-TEXT..msgid "Check for updates when Cheat Engine starts"..msgstr ""......#: VC-INTERVAL..msgid "Interval(days):"..msgstr ""............
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:GNU gettext message catalogue, ASCII text, with very long lines (516), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):28896
                                                                                                                                                                                                                                                                        Entropy (8bit):4.8485599257299
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:msgid ""..msgstr "Content-Type: text/plain; charset=UTF-8"....#: tform1.btnok.caption..msgctxt "tform1.btnok.caption"..msgid "OK"..msgstr ""....#: tform1.button1.caption..msgctxt "tform1.button1.caption"..msgid "Next"..msgstr ""....#: tform1.caption..msgid "Cheat Engine Tutorial v3.4"..msgstr ""....#: tform1.edtpassword.hint..msgid "Use this to go imeadiatly to the step you want to try"..msgstr ""....#: tform1.edtpassword.text..msgid "090453"..msgstr ""....#: tform1.label1.caption..msgid "Password"..msgstr ""....#: tform10.button3.caption..msgid "Restart game"..msgstr ""....#: tform10.button4.caption..msgctxt "tform10.button4.caption"..msgid "Attack"..msgstr ""....#: tform10.button5.caption..msgctxt "tform10.button5.caption"..msgid "Attack"..msgstr ""....#: tform10.button6.caption..msgctxt "tform10.button6.caption"..msgid "Restart game and autoplay"..msgstr ""....#: tform10.button7.caption..msgctxt "tform10.button7.caption"..msgid "Attack"..msgstr ""....#: tform10.button8.caption..msgc
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):283
                                                                                                                                                                                                                                                                        Entropy (8bit):4.58883566118718
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:;If the --LANG parameter OR the LANG environment variable are not set and this inifile..;is present in this folder it will be used to pick the language...[Language]..;If preferedLanguage is kept empty CE will choose the language of your operating system instead..PreferedLanguage=*..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3133
                                                                                                                                                                                                                                                                        Entropy (8bit):4.680373003343051
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#: pseudocodediagram-file..msgid "File"..msgstr ""....#: pseudocodediagram-lff..msgid "Load from file"..msgstr ""....#: pseudocodediagram-stfywto..msgid "Select the file you wish to open"..msgstr ""....#: pseudocodediagram-dfcc..msgid "Diagram files (*.CEDIAG )|*.CEDIAG"..msgstr ""....#: pseudocodediagram-stf..msgid "Save to file"..msgstr ""....#: pseudocodediagram-fitfywtstda..msgid "Fill in the filename you wish to save this diagram as"..msgstr ""....#: pseudocodediagram-sdti..msgid "Save diagram to image"..msgstr ""....#: pseudocodediagram-fitfywtstdi..msgid "Fill in the filename you wish to save this diagram image"..msgstr ""....#: pseudocodediagram-pfpp..msgid "PNG files (*.PNG )|*.PNG"..msgstr ""....#: pseudocodediagram-close..msgid "Close"..msgstr ""....#: pseudocodediagram-display..msgid "Display"..msgstr ""....#: pseudocodediagram-spfu2oc..msgid "Show path from Ultimap1/2 or Codefilter"..msgstr ""....#: pseudocodediagram-spftw..msgid "Show path from tracer window"..msgstr ""..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1044
                                                                                                                                                                                                                                                                        Entropy (8bit):4.607911901797074
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.#: patchscan-nave..msgid "Not a valid executable"..msgstr ""....#: patchscan-navwe..msgid "Not a valid windows executable"..msgstr ""....#: patchscan-ttomicns..msgid "This type of module is currently not supported"..msgstr ""....#: patchscan-ce..msgid "Compare error. "..msgstr ""....#: patchscan-ml..msgid "Module List"..msgstr ""....#: patchscan-stmtsfp..msgid "Select the modules to scan for patches. Hold shift/ctrl to select multiple modules"..msgstr ""....#: patchscan-ok..msgid " OK "..msgstr ""....#: patchscan-cancel..msgid "Cancel"..msgstr ""....#: patchscan-scanning..msgid "Scanning: %s"..msgstr ""....#: patchscan-ei..msgid "Error in "..msgstr ""....#: patchscan-pl..msgid "Patch list"..msgstr ""....#: patchscan-address..msgid "Address"..msgstr ""....#: patchscan-original..msgid "Original"..msgstr ""....#: patchscan-patched..msgid "Patched"..msgstr ""....#: patchscan-rwo..msgid "Restore with original"..msgstr ""....#: patchscan-rp..msgid "Reapply patch"..msgstr ""....#: patchs
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):1767
Entropy (8bit):4.60229123925247
Encrypted:false
SSDEEP:48:vWKOiRBBMn0KciKvm/QRQY0cCu9llVyZVkFNS5Ns:ZqsRWQb91/NS5Ns
MD5:05E8F84A134363796895E8AB8089619A
SHA1:D6925DDDE83B117D7310C4A257DD9EE444245612
SHA-256:D8462C8704A83973632D5F38D36F7852BF78D8A81C43BBC2F5AC8FF3A4D8B658
SHA-512:C63F273EDB9411AA15F6B0C94C5FDE7189A33DCBD50141BB85D3BD31A4A009B1E5F6CF93E10A4300A39F0431452C49070C37D5907965CE49CCB4CED4BFB70EBA
Malicious:false
Reputation:unknown
Preview:create a language folder for your country (appropriate folder names are in the format of: en_US, nl_NL, ru_RU, etc...)..copy the .po files to the appropriate folder and then start editing ......Order of picking:.. if there is a cheatengine.po it will pick that, else cheatengine-x86_64.po and if that fails cheatengine-i386.po.. the 32-bit version can work perfectly fine with the 64-bit po.... Same for the tutorial......By default it picks the system language, but you can overide this by adding --LANG langstr or -l langstr to the parameters of Cheat Engine......editing po files...There are some po editing tools but you can also do it by hand..msgid contains the original string and msgstr contains the translated string...If msgstr is empty the original string will be shown....Certain strings are not present in the cheatengine.po file, but are present in lclstrconsts.po..The lclstrconsts.po file belongs to the LCL that the Cheat Engine GUI is build upon......Custom name for your transla
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:GNU gettext message catalogue, ASCII text, with very long lines (407), with CRLF line terminators
Category:dropped
Size (bytes):31373
Entropy (8bit):4.738121487849168
Encrypted:false
SSDEEP:384:gyw0FrKFidHPeeMV6uSsX5Ipahgjmg7vxAP7:gyFKFwPume5Ipaum7
MD5:B16C41734CCB91D59D6EFD720B8CC5C2
SHA1:894641756D69268F40A97A659E7FEC6422424D74
SHA-256:D4940DFF786E4B3C2DFE9B0518B64B91A2B8C0F0B8185E2B4CF7784E615F20A1
SHA-512:C38458F79B2A651065C31602BBC9C230C49E1567254A5D044E9A94FE9DC63B19B0EABFE7446688E58F843FEB65CF290453B3E8BFB800EEBF1459A4134C0CFBB0
Malicious:false
Reputation:unknown
Preview:msgid ""..msgstr "".."MIME-Version: 1.0\n".."Content-Type: text/plain; charset=UTF-8\n".."Content-Transfer-Encoding: 8bit\n"....#: lclstrconsts.hhshelpbrowsernotexecutable..msgid "Browser %s%s%s not executable."..msgstr ""....#: lclstrconsts.hhshelpbrowsernotfound..msgid "Browser %s%s%s not found."..msgstr ""....#: lclstrconsts.hhshelperrorwhileexecuting..msgid "Error while executing %s%s%s:%s%s"..msgstr ""....#: lclstrconsts.hhshelpnohtmlbrowserfound..msgid "Unable to find a HTML browser."..msgstr ""....#: lclstrconsts.hhshelpnohtmlbrowserfoundpleasedefineoneinhelpconfigurehe..msgid "No HTML Browser found.%sPlease define one in Environment -> Options -> Help -> Help Options"..msgstr ""....#: lclstrconsts.hhshelpthehelpdatabasewasunabletofindfile..msgid "The help database %s%s%s was unable to find file %s%s%s."..msgstr ""....#: lclstrconsts.hhshelpthemacrosinbrowserparamswillbereplacedbytheurl..msgid "The macro %s in BrowserParams will be replaced by the URL."..msgstr ""....#: lclstrco
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):284
Entropy (8bit):4.462768521135749
Encrypted:false
SSDEEP:6:InTTzQ9vrJXm6D9AMXqnTzQ3Lz2oVX2aT5WnpXMZBhnpl:InT4O6D+Nn43PYaTVZ/
MD5:684C9B4A3EE100B044C2BFB0EDD64919
SHA1:9A8AC81C35F3EA58E97D3A083E3FECA83F01A0AA
SHA-256:E4283FFAB471763663C189527C805C6985B92C252074727A41E304839C45AB91
SHA-512:B15DCC949F588C612F3A92D0DEFED4CEA025C86ED4C27E8B3BDF52A218CDE913B89FF4079A419D068CA4EA2793534246A4D17EB25BA4A45D6F5A19639B300E37
Malicious:false
Reputation:unknown
Preview:#: SS-OaPF..msgid "Open a process first"..msgstr ""....#: SS-CESF..msgid "Cheat Engine Scan files"..msgstr ""....#: SS-OaPFDaS..msgid "Open a process first and do a scan"..msgstr ""....#: SS-SSS..msgid "Save scan session"..msgstr ""....#: SS-LSS..msgid "Load scan session"..msgstr ""
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):2438
Entropy (8bit):4.816958401157341
Encrypted:false
SSDEEP:48:InNN5uwDdugIWruZxDNj9kospRbxaq2lSZeu2H7phQpo1TMAFpRvbubzb/PdQQiN:InJbxugIWSPNj9kospFxV2lSZeZH7/nR
MD5:5194E6AAC00716CEB7498A8263ABDB03
SHA1:D249CC96E60A36B0B9DA99D69903BD81D3F32C8F
SHA-256:3842AF13D8462A02E6F3A8B3B5C3079EAF1081B030415287F67F10FB6F622109
SHA-512:A7F89289E3A8827367E827A29224FEC0CC9D8699A082D592F372E13FB413BFD8B837A8313AD6530FA4BB6409E06A85BDBA890CE00B00DC7FF3FCF873F7F0EF4F
Malicious:false
Reputation:unknown
Preview:#: monoscript-FITM..msgid "Failure injecting the MonoDatacollector dll"..msgstr ""....#: monoscript-DYWTL..msgid "Do you wish to let the mono extention figure out the name and start address? If it's not a proper object this may crash the target."..msgstr ""....#: monoscript-IO..msgid "Instances of "..msgstr ""....#: monoscript-WTAJG..msgid "Warning: These are just guesses. Validate them yourself"..msgstr ""....#: monoscript-AN..msgid "address==nil"..msgstr ""....#: monoscript-Invoke..msgid "Invoke "..msgstr ""....#: monoscript-IA..msgid "Instance address"..msgstr ""....#: monoscript-PW..msgid "<Please wait...>"..msgstr ""....#: monoscript-Parameters..msgid "Parameters"..msgstr ""....#: monoscript-OK..msgid "OK"..msgstr ""....#: monoscript-Cancel..msgid "Cancel"..msgstr ""....#: monoscript-Parameter..msgid "parameter "..msgstr ""....#: monoscript-INAVA..msgid " is not a valid address"..msgstr ""....#: monoscript-INAVV..msgid "is not a valid value"..msgstr ""....#: monoscript-IFT..msgid
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:GNU gettext message catalogue, ASCII text, with very long lines (332), with CRLF line terminators
Category:dropped
Size (bytes):453577
Entropy (8bit):4.778949128243926
Encrypted:false
SSDEEP:6144:gZ44KYZGVK44SCYJs6xj6JnhYpMzqtBtnIgJ:o44Ki4FCYJHpMABtnr
MD5:3260EDC88460A983A6796D746CFF2815
SHA1:444DF138C1FF161D4CDE2FC134403F11D6294528
SHA-256:C6414831A61EFB7872E4FA41C65646413A57EED6ECFCA307AFBF1D04FD5B5432
SHA-512:28C4BD49669ED330FB9BE5D34016E7D557EA964F17E8B6B39700216A4698F3131AB6A42FC1C2065056CAF709A2A63FF630CDA3EC53F76C3768E62CB0D7E8D743
Malicious:false
Reputation:unknown
Preview:msgid ""..msgstr "Content-Type: text/plain; charset=UTF-8"....#: aboutunit.rsareyousureyouwanttolaunchdbvm..msgid "Are you sure you want to launch DBVM? You seem to be running in 32-bit, so don't really need it that badly (Except for ultimap and cloaked operations)"..msgstr ""....#: aboutunit.rsdidyoureallythinkyoudfindaneastereggbydoingthiswel..msgid "Did you really think you'd find an easter egg by doing this? Well, you know what? You where right!"..msgstr ""....#: aboutunit.rslaunchdbvmwasnotassigned..msgid "launchdbvm was not assigned"..msgstr ""....#: aboutunit.rsthismeansthatyourecurrentlynotrunningdbvm..msgid "This means that you're currently not running dbvm, but that your system is capable of running it"..msgstr ""....#: aboutunit.rsthismeansthatyoursystemisrunningdbvm..msgid "This means that your system is running dbvm. This means ce will make use of some advanced tools that are otherwise unavailable"..msgstr ""....#: aboutunit.rsthismeansthatyouwillneedanewcpuinteltobeableto
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):283
Entropy (8bit):4.58883566118718
Encrypted:false
SSDEEP:6:dc1MUMt3Y+j2ZSWF1iyFQFNHNTSoaOiXkq3cM8TcKDymRKCFWp4aq32vn:dc2LYKefEyBO/bMnE2zFv
MD5:AF5ED8F4FE5370516403AE39200F5A4F
SHA1:9299E9998A0605182683A58A5A6AB01A9B9BC037
SHA-256:4AA4F0B75548D45C81D8E876E2DB1C74BDDFD64091F102706D729B50A7AF53A5
SHA-512:F070049A2FAE3223861424E7FE79CBAE6601C9BEE6A56FADDE4485AD3C597DC1F3687E720177AB28564A1FAAB52B6679E9315F74327D02AA1FB31E7B8233A80F
Malicious:false
Reputation:unknown
Preview:;If the --LANG parameter OR the LANG environment variable are not set and this inifile..;is present in this folder it will be used to pick the language...[Language]..;If preferedLanguage is kept empty CE will choose the language of your operating system instead..PreferedLanguage=*..
Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
File Type:GNU gettext message catalogue, ASCII text, with very long lines (407), with CRLF line terminators
Category:dropped
Size (bytes):31373
Entropy (8bit):4.738121487849168
Encrypted:false
SSDEEP:384:gyw0FrKFidHPeeMV6uSsX5Ipahgjmg7vxAP7:gyFKFwPume5Ipaum7
MD5:B16C41734CCB91D59D6EFD720B8CC5C2
SHA1:894641756D69268F40A97A659E7FEC6422424D74
SHA-256:D4940DFF786E4B3C2DFE9B0518B64B91A2B8C0F0B8185E2B4CF7784E615F20A1
SHA-512:C38458F79B2A651065C31602BBC9C230C49E1567254A5D044E9A94FE9DC63B19B0EABFE7446688E58F843FEB65CF290453B3E8BFB800EEBF1459A4134C0CFBB0
Malicious:false
Reputation:unknown
Preview:msgid ""..msgstr "".."MIME-Version: 1.0\n".."Content-Type: text/plain; charset=UTF-8\n".."Content-Transfer-Encoding: 8bit\n"....#: lclstrconsts.hhshelpbrowsernotexecutable..msgid "Browser %s%s%s not executable."..msgstr ""....#: lclstrconsts.hhshelpbrowsernotfound..msgid "Browser %s%s%s not found."..msgstr ""....#: lclstrconsts.hhshelperrorwhileexecuting..msgid "Error while executing %s%s%s:%s%s"..msgstr ""....#: lclstrconsts.hhshelpnohtmlbrowserfound..msgid "Unable to find a HTML browser."..msgstr ""....#: lclstrconsts.hhshelpnohtmlbrowserfoundpleasedefineoneinhelpconfigurehe..msgid "No HTML Browser found.%sPlease define one in Environment -> Options -> Help -> Help Options"..msgstr ""....#: lclstrconsts.hhshelpthehelpdatabasewasunabletofindfile..msgid "The help database %s%s%s was unable to find file %s%s%s."..msgstr ""....#: lclstrconsts.hhshelpthemacrosinbrowserparamswillbereplacedbytheurl..msgid "The macro %s in BrowserParams will be replaced by the URL."..msgstr ""....#: lclstrco
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2438
                                                                                                                                                                                                                                                                        Entropy (8bit):4.816958401157341
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:InNN5uwDdugIWruZxDNj9kospRbxaq2lSZeu2H7phQpo1TMAFpRvbubzb/PdQQiN:InJbxugIWSPNj9kospFxV2lSZeZH7/nR
                                                                                                                                                                                                                                                                        MD5:5194E6AAC00716CEB7498A8263ABDB03
                                                                                                                                                                                                                                                                        SHA1:D249CC96E60A36B0B9DA99D69903BD81D3F32C8F
                                                                                                                                                                                                                                                                        SHA-256:3842AF13D8462A02E6F3A8B3B5C3079EAF1081B030415287F67F10FB6F622109
                                                                                                                                                                                                                                                                        SHA-512:A7F89289E3A8827367E827A29224FEC0CC9D8699A082D592F372E13FB413BFD8B837A8313AD6530FA4BB6409E06A85BDBA890CE00B00DC7FF3FCF873F7F0EF4F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#: monoscript-FITM..msgid "Failure injecting the MonoDatacollector dll"..msgstr ""....#: monoscript-DYWTL..msgid "Do you wish to let the mono extention figure out the name and start address? If it's not a proper object this may crash the target."..msgstr ""....#: monoscript-IO..msgid "Instances of "..msgstr ""....#: monoscript-WTAJG..msgid "Warning: These are just guesses. Validate them yourself"..msgstr ""....#: monoscript-AN..msgid "address==nil"..msgstr ""....#: monoscript-Invoke..msgid "Invoke "..msgstr ""....#: monoscript-IA..msgid "Instance address"..msgstr ""....#: monoscript-PW..msgid "<Please wait...>"..msgstr ""....#: monoscript-Parameters..msgid "Parameters"..msgstr ""....#: monoscript-OK..msgid "OK"..msgstr ""....#: monoscript-Cancel..msgid "Cancel"..msgstr ""....#: monoscript-Parameter..msgid "parameter "..msgstr ""....#: monoscript-INAVA..msgid " is not a valid address"..msgstr ""....#: monoscript-INAVV..msgid "is not a valid value"..msgstr ""....#: monoscript-IFT..msgid
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1044
                                                                                                                                                                                                                                                                        Entropy (8bit):4.607911901797074
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:SyKwrQRrYuB24kEiVmSoUiEY0M6zrvLB/Nt:f224kfVLNNt
                                                                                                                                                                                                                                                                        MD5:9924B578270AB864E800BF38B2FA65BE
                                                                                                                                                                                                                                                                        SHA1:65174EA0E3FA382BBCF7DEEB2E5F5C74AA0E51F4
                                                                                                                                                                                                                                                                        SHA-256:16EC4573AE731BC32397874599F2E2FED68BAEE932F23DA6DDDDCE99917B8D70
                                                                                                                                                                                                                                                                        SHA-512:C27B43A3944BF9A9B6A6E88FEAF0BA40C84364580015420075EF89131A23586B7FF2908A2992CA0FFC7BC928ABA12A0B111260A592A479DDF97B46375D772714
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.#: patchscan-nave..msgid "Not a valid executable"..msgstr ""....#: patchscan-navwe..msgid "Not a valid windows executable"..msgstr ""....#: patchscan-ttomicns..msgid "This type of module is currently not supported"..msgstr ""....#: patchscan-ce..msgid "Compare error. "..msgstr ""....#: patchscan-ml..msgid "Module List"..msgstr ""....#: patchscan-stmtsfp..msgid "Select the modules to scan for patches. Hold shift/ctrl to select multiple modules"..msgstr ""....#: patchscan-ok..msgid " OK "..msgstr ""....#: patchscan-cancel..msgid "Cancel"..msgstr ""....#: patchscan-scanning..msgid "Scanning: %s"..msgstr ""....#: patchscan-ei..msgid "Error in "..msgstr ""....#: patchscan-pl..msgid "Patch list"..msgstr ""....#: patchscan-address..msgid "Address"..msgstr ""....#: patchscan-original..msgid "Original"..msgstr ""....#: patchscan-patched..msgid "Patched"..msgstr ""....#: patchscan-rwo..msgid "Restore with original"..msgstr ""....#: patchscan-rp..msgid "Reapply patch"..msgstr ""....#: patchs
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3133
                                                                                                                                                                                                                                                                        Entropy (8bit):4.680373003343051
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:IhHlcWZkIteIVcqUcTNqcNPnVSYQr6sbYuwGW:Ircee/qUpcV5QOsEuwGW
                                                                                                                                                                                                                                                                        MD5:5D6D7A6A5ADC10BB638B085FA47A5A00
                                                                                                                                                                                                                                                                        SHA1:C4A2D207F3002767844F1B6130F2DDAF6F45A7F9
                                                                                                                                                                                                                                                                        SHA-256:37D28D4690BD14D15D9E2198610C7F7DED33DC7D118A1B8BDC2C32FFD0D92C74
                                                                                                                                                                                                                                                                        SHA-512:8DC87E314AFEE056F7D6D384F823F71DD5D3802CD0ADEEEAE5FF856D1E9068A8E981E1F588733C8948FB1B824285F7F093B6CB35DAC872327D645CA3912E2A5B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:#: pseudocodediagram-file..msgid "File"..msgstr ""....#: pseudocodediagram-lff..msgid "Load from file"..msgstr ""....#: pseudocodediagram-stfywto..msgid "Select the file you wish to open"..msgstr ""....#: pseudocodediagram-dfcc..msgid "Diagram files (*.CEDIAG )|*.CEDIAG"..msgstr ""....#: pseudocodediagram-stf..msgid "Save to file"..msgstr ""....#: pseudocodediagram-fitfywtstda..msgid "Fill in the filename you wish to save this diagram as"..msgstr ""....#: pseudocodediagram-sdti..msgid "Save diagram to image"..msgstr ""....#: pseudocodediagram-fitfywtstdi..msgid "Fill in the filename you wish to save this diagram image"..msgstr ""....#: pseudocodediagram-pfpp..msgid "PNG files (*.PNG )|*.PNG"..msgstr ""....#: pseudocodediagram-close..msgid "Close"..msgstr ""....#: pseudocodediagram-display..msgid "Display"..msgstr ""....#: pseudocodediagram-spfu2oc..msgid "Show path from Ultimap1/2 or Codefilter"..msgstr ""....#: pseudocodediagram-spftw..msgid "Show path from tracer window"..msgstr ""..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):161688
                                                                                                                                                                                                                                                                        Entropy (8bit):6.832669552984183
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:K3uc99F6AOdjfTOZztxlGWGXLQbcpNk6FowD6QcEY7Xjl5hf8keDQa/c7usWjcd6:K3ukXTNGp7+6zaEY7Zf/a0ye3ZoOvKOS
                                                                                                                                                                                                                                                                        MD5:DF443813546ABCEF7F33DD9FC0C6070A
                                                                                                                                                                                                                                                                        SHA1:635D2D453D48382824E44DD1E59D5C54D735EE2C
                                                                                                                                                                                                                                                                        SHA-256:D14911C838620251F7F64C190B04BB8F4E762318CC763D993C9179376228D8CA
                                                                                                                                                                                                                                                                        SHA-512:9F9BEA9112D9DB9BCECFC8E4800B7E8032EFB240CBBDDAF26C133B4CE12D27B47DC4E90BC339C561714BC972F6E809B2EC9C9E1FACC6C223FBAC66B089A14C25
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):187288
                                                                                                                                                                                                                                                                        Entropy (8bit):6.46399109534477
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:XMTS4QqrM7BqUHEwXDVT6B8AF6aBBcFkLODeYJObCkEjOUkOG:XIQqrc7V5Trw6aBBcFk6CtbID4
                                                                                                                                                                                                                                                                        MD5:4A3B7C52EF32D936E3167EFC1E920AE6
                                                                                                                                                                                                                                                                        SHA1:D5D8DAA7A272547419132DDB6E666F7559DBAC04
                                                                                                                                                                                                                                                                        SHA-256:26EDE848DBA071EB76C0C0EF8E9D8AD1C53DFAB47CA9137ABC9D683032F06EBB
                                                                                                                                                                                                                                                                        SHA-512:36D7F8A0A749DE049A830CC8C8F0D3962D8DCE57B445F5F3C771A86DD11AAA10DA5F36F95E55D3DC90900E4DBDDD0DCC21052C53AA11F939DB691362C42E5312
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1491
                                                                                                                                                                                                                                                                        Entropy (8bit):5.150461183336365
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:c3UnepmoqbOOrYFlrJYrYFIzLQ9Zonc432smXOkuEWRO632s3yOtTf1p13to+Zqh:xOOrYj2rYCzeqnc432sem32s3xtD13tQ
                                                                                                                                                                                                                                                                        MD5:1EE5923E90E9DB03EF80F6DA5C14FB7B
                                                                                                                                                                                                                                                                        SHA1:BCB456DB885C932605F4DCFFABBF771BC7CB5C41
                                                                                                                                                                                                                                                                        SHA-256:1A971954CD09C202E73E625329EE4DDF7291C7C0E155A1086DA7FAAC1957C94B
                                                                                                                                                                                                                                                                        SHA-512:8A008D4FAEE52F76A6C9024DE88963261730FA12EB54B0BE5FB80F8CC02CF7FEC0EFC126A209A646BE17D91B78FFC2E54BAAB7E346474BCFFFD92D3C942E959F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:Copyright 2018 Alex Ionescu. All rights reserved.....Redistribution and use in source and binary forms, with or without modification, are permitted provided..that the following conditions are met:..1. Redistributions of source code must retain the above copyright notice, this list of conditions and.. the following disclaimer...2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions.. and the following disclaimer in the documentation and/or other materials provided with the.. distribution.....THIS SOFTWARE IS PROVIDED BY ALEX IONESCU ``AS IS'' AND ANY EXPRESS OR IMPLIED..WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND..FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ALEX IONESCU..OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR..CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS..OR SERVICES; LOSS OF USE,
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):308120
                                                                                                                                                                                                                                                                        Entropy (8bit):6.921402988579037
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:3QMsoykzuYV4SPaa/Gr+RBmRQ5wipE04CIcFw6eAwE5Sm1Q5jsV+XkO4qOT:3NJyTuxkC57IZEzGmT
                                                                                                                                                                                                                                                                        MD5:462322CC93E55016D5EA78B2B9823657
                                                                                                                                                                                                                                                                        SHA1:3E8E00B690A4370D6F2DFDCF730F2D3FDA4806A6
                                                                                                                                                                                                                                                                        SHA-256:AEDC048FCFEC594E7307E4730D850E5E0121820A76CA1A363F4A2E41D084F393
                                                                                                                                                                                                                                                                        SHA-512:A46E56130A8D1CA588D9935D98468543328B42492F1257157D2C7FD99AC341E8A22337AC2228AECF33A70913A7E7161B300BB458E1C07D5D0B94A7AA1DD72D79
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):339864
                                                                                                                                                                                                                                                                        Entropy (8bit):6.56829741282491
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:ZnVdQfxRaiC76I/wZGteu+WJrXeN6joNtMrvMl9u61s1JGTBHpMqdmgIIE5pY2B:jdsxs6I6k9MUoNt2vSs8KqdmgIIE/b
                                                                                                                                                                                                                                                                        MD5:A358DAE60F1C0F6A633F98B1E4D3E850
                                                                                                                                                                                                                                                                        SHA1:2016F1FB0F8000E515602498432951B7C5BC5ACA
                                                                                                                                                                                                                                                                        SHA-256:25C648CFDB4CDBBB13630ADC7C14F2BB556C98F5CD1DCBECAFFA91629D2D4A4C
                                                                                                                                                                                                                                                                        SHA-512:879B5E95CF7F06E105930724BBC6967B367417DCE390A15DE48BF5CE76CE2435EA4A59095AB67EEE5A05FA41126DDB984C2154ABA34B33FAC895A1CCC2D2A617
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):464280
                                                                                                                                                                                                                                                                        Entropy (8bit):6.881353710429075
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:dBj8paX8fQ/T/md4OASZAOLRwRai6wXGn+hfy:dxLrLmd4OA4L8DXGnmy
                                                                                                                                                                                                                                                                        MD5:AD3F33BAC8EADAB224ADAF4CF6D5B97A
                                                                                                                                                                                                                                                                        SHA1:6CCFB97236C5AD3B48A3EB7A113E3E297422E808
                                                                                                                                                                                                                                                                        SHA-256:58B206AB9A3D84FDAFB537B419F721ECDEADE489707DBAB227B043D5343DB369
                                                                                                                                                                                                                                                                        SHA-512:C319A1C3D0D90AFEFD27DC0379C79E38993490FFA14CB281F419BC94FDE5776CD7EAB54351C57F6EAEEBCACF7F965FA0B8A8DD67489E799FCD84D39393C62A3E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):541592
                                                                                                                                                                                                                                                                        Entropy (8bit):6.56379573889746
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:FshVOadaiL9mUHQMpgL8LgpqClZNKX6SumisBEb/NUidzSky3uDMK/LXTMBQqN5T:hOL9J2L8E5VKKSuLGEhXGstCXoYkc7BV
                                                                                                                                                                                                                                                                        MD5:B7C9F1E7E640F1A034BE84AF86970D45
                                                                                                                                                                                                                                                                        SHA1:F795DC3D781B9578A96C92658B9F95806FC9BDDE
                                                                                                                                                                                                                                                                        SHA-256:6D0A06B90213F082CB98950890518C0F08B9FC16DBFAB34D400267CB6CDADEFF
                                                                                                                                                                                                                                                                        SHA-512:DA63992B68F1112C0D6B33E6004F38E85B3C3E251E0D5457CD63804A49C5AA05AA23249E0614DACAD4FEC28CA6EFDB5DDEE06DA5BFBFA07E21942976201079F3
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):202648
                                                                                                                                                                                                                                                                        Entropy (8bit):6.566120700945174
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:fr03mcDwt5b2+z615yQ7SLVTnyJYpgerOEmgsRBZnwO4oO8:fg3mrHb2+z615yQ7GnyOpFOEFKD2G
                                                                                                                                                                                                                                                                        MD5:9F50134C8BE9AF59F371F607A6DAA0B6
                                                                                                                                                                                                                                                                        SHA1:6584B98172CBC4916A7E5CA8D5788493F85F24A7
                                                                                                                                                                                                                                                                        SHA-256:DD07117ED80546F23D37F8023E992DE560A1F55A76D1EB6DFD9D55BAA5E3DAD6
                                                                                                                                                                                                                                                                        SHA-512:5CCAFA2B0E2D20034168EE9A79E8EFFF64F12F5247F6772815EF4CB9EE56F245A06B088247222C5A3789AE2DCEFADBC2C15DF4FF5196028857F92B9992B094E0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):266648
                                                                                                                                                                                                                                                                        Entropy (8bit):6.017604835530295
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:KK2iOI60nWU4NJ4twEywGLOJQbcOL9z32fY8iV1OQfkz5w4Q7hk1D2oOyPOP:KKu0WU4J0w6xJkBAY8i7fkaThkA4g
                                                                                                                                                                                                                                                                        MD5:DD71848B5BBD150E22E84238CF985AF0
                                                                                                                                                                                                                                                                        SHA1:35C7AA128D47710CFDB15BB6809A20DBD0F916D8
                                                                                                                                                                                                                                                                        SHA-256:253D18D0D835F482E6ABBAF716855580EB8FE789292C937301E4D60EAD29531D
                                                                                                                                                                                                                                                                        SHA-512:0CBF35C9D7B09FB57D8A9079EAB726A3891393F12AEE8B43E01D1D979509E755B74C0FB677F8F2DFAB6B2E34A141F65D0CFBFE57BDA0BF7482841AD31ACE7790
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):201
                                                                                                                                                                                                                                                                        Entropy (8bit):4.465403493165412
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:JW4+sNv/lQBAHpbs/UcUFJKPACcAE8J6Xv:JB+slzs/tUrKcbXv
                                                                                                                                                                                                                                                                        MD5:62771A63FDC87764BFF87D82918AB02A
                                                                                                                                                                                                                                                                        SHA1:8E468DED8CED87A10470BD5594337A854FF344BA
                                                                                                                                                                                                                                                                        SHA-256:5C16124BA0B39214BECB1AF4161BD82147AD8468879A3FD8E9FACC656A1D2E6F
                                                                                                                                                                                                                                                                        SHA-512:8D1792B712504336CAC0B175146F2B7EAEDA043BD3941C7B7C54CF926A4BA4835F0EFF7A2AD5C7B5509F80E7420C3F5F94200D4C3F922DB92B807E20E09A84D0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:--This lua script gets loaded when Cheat Engine loads..--You can use this to define some often used functions and libraries you'd like to use....require("defines")....--for documentation read celua.txt
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2086
                                                                                                                                                                                                                                                                        Entropy (8bit):4.748005607182281
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:HZooJUJAimKakohOgM4TDB6liofD0x6g8W:HioemKakaOgM4J6l5C6g8W
                                                                                                                                                                                                                                                                        MD5:650C02FC9F949D14D62E32DD7A894F5E
                                                                                                                                                                                                                                                                        SHA1:FA5399B01AADD9F1A4A5632F8632711C186EC0DE
                                                                                                                                                                                                                                                                        SHA-256:C4D23DB8EFFB359B4AA4D1E1E480486FE3A4586CE8243397A94250627BA4F8CC
                                                                                                                                                                                                                                                                        SHA-512:F2CAAF604C271283FC7AF3AA9674B9D647C4AC53DFFCA031DBF1220D3ED2E867943F5409A95F41C61D716879BED7C888735F43A068F1CC1452B4196D611CB76D
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview://credits: ms d3d tutorials which I hacked apart....Texture2D txDiffuse : register( t0 );..SamplerState samLinear : register( s0 );....cbuffer ConstantBuffer : register( b0 )..{....float4x4 rotation;.. float2 originpoint;...float2 translation;...float2 scaling;...float transparency;....float garbage;...}..........//--------------------------------------------------------------------------------------..struct VS_INPUT..{.. float4 Pos : POSITION;.. float2 Tex : TEXCOORD0;..};....struct PS_INPUT..{.. float4 Pos : SV_POSITION;.. float2 Tex : TEXCOORD0;..};......//--------------------------------------------------------------------------------------..// Vertex Shader..//--------------------------------------------------------------------------------------..PS_INPUT VS( VS_INPUT input )..{.... PS_INPUT r=input;.. float4 rp;........ r.Pos[0]-=originpoint[0];.. r.Pos[1]+=originpoint[1];.. r.Pos=mul(r.Pos, rotation);.... r.Pos[0]+=originpoint[0];.. r.Pos[
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1513
                                                                                                                                                                                                                                                                        Entropy (8bit):5.570853751982549
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:pPEkvanEc5GgSyTA8VffAa6iAoPARiA2PAo6kA68IAvkAU8TlzbBW:pP0EmdSy8ZLlHRl19DPXvDxts
                                                                                                                                                                                                                                                                        MD5:8E1EECB2D6B4F579A7FE4B11361E1D96
                                                                                                                                                                                                                                                                        SHA1:647911F537437A80F06C1324AC9AF5843BFCFA01
                                                                                                                                                                                                                                                                        SHA-256:37DAA1B4FB9966A0EED6DAEBB98FAE863C92F433D97CEA90DD95107FA7F14A1A
                                                                                                                                                                                                                                                                        SHA-512:1BE14802B7B2C13DCAEDBFB8814C7DF011A48C27D83C249EE5C074ACD0AF2070595D8809EC1EF92A6DE1FF4BFA55B3D393A9E5390C04EEF72FD1F1952DA2CCAE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:...Microsoft Visual Studio Solution File, Format Version 12.00..# Visual Studio 15..VisualStudioVersion = 15.0.28307.489..MinimumVisualStudioVersion = 10.0.40219.1..Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "CEPluginLibrary", "CEPluginLibrary\CEPluginLibrary.csproj", "{99772D98-3865-4E8D-BB02-A855950904F8}"..EndProject..Global...GlobalSection(SolutionConfigurationPlatforms) = preSolution....Debug|Any CPU = Debug|Any CPU....Debug|x64 = Debug|x64....Release|Any CPU = Release|Any CPU....Release|x64 = Release|x64...EndGlobalSection...GlobalSection(ProjectConfigurationPlatforms) = postSolution....{99772D98-3865-4E8D-BB02-A855950904F8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU....{99772D98-3865-4E8D-BB02-A855950904F8}.Debug|Any CPU.Build.0 = Debug|Any CPU....{99772D98-3865-4E8D-BB02-A855950904F8}.Debug|x64.ActiveCfg = Debug|Any CPU....{99772D98-3865-4E8D-BB02-A855950904F8}.Debug|x64.Build.0 = Debug|Any CPU....{99772D98-3865-4E8D-BB02-A855950904F8}.Release|Any CPU.ActiveCfg = Releas
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2926
                                                                                                                                                                                                                                                                        Entropy (8bit):5.296204236636278
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:3rYSjNJpu5z2fBZi43iqcscr14H1xmH/14H1BA6B6Kv6tH6T626HZ6sM6l6a6A3E:7YWnpu5CZi4ncsZxm4GE5vsHSBCHMOVo
                                                                                                                                                                                                                                                                        MD5:BD4AB4CC0D5BED5FBC5228F4035A191D
                                                                                                                                                                                                                                                                        SHA1:AE2B589B7342B9C2D30BDBE3575509F6C3DB5D47
                                                                                                                                                                                                                                                                        SHA-256:65121FFC91A1EEF66A3281ACFF99C3014DB81FF143A47B02ED6953710CFCAFD5
                                                                                                                                                                                                                                                                        SHA-512:81C9CCC18BB5BD0A0F714CB625E1EF0FB62EE20106A3386D812E343D322B7BCE435D5C61D575AE68DA26504B39131D5FBCF405524ADD8233A0D0E4E4405811AF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">.. <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />.. <PropertyGroup>.. <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>.. <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>.. <ProjectGuid>{99772D98-3865-4E8D-BB02-A855950904F8}</ProjectGuid>.. <OutputType>Library</OutputType>.. <AppDesignerFolder>Properties</AppDesignerFolder>.. <RootNamespace>CEPluginLibrary</RootNamespace>.. <AssemblyName>CEPluginExample</AssemblyName>.. <TargetFrameworkVersion>v4.6.1</TargetFrameworkVersion>.. <FileAlignment>512</FileAlignment>.. <Deterministic>true</Deterministic>.. </PropertyGroup>.. <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4778
                                                                                                                                                                                                                                                                        Entropy (8bit):4.4952095990499785
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:Jo4h2nXV0VgqojlWXS+vx+FvDVfv6nEbvFUG7Fnm4Auzsq8tdlvuO4BVNT:9UF4ajlWXS+vx+FvDVfv6WdUGBnm4Au9
                                                                                                                                                                                                                                                                        MD5:B45C3E2829EED1BEB58ED85D8E27362B
                                                                                                                                                                                                                                                                        SHA1:9AFF1824269B8829B4903AC0DC53E7B314CAD5D0
                                                                                                                                                                                                                                                                        SHA-256:B16C0C45DCD137B01C6BB2ED3BBB7DECB406FDEC3D4AEBBF1F6EEB44E9039397
                                                                                                                                                                                                                                                                        SHA-512:771506912072FE9EB3500C9CCC9D02236B1DB579E02ECE9ABE538548B5F2FC0AD312EDF576DFCDE97F64E573D7B70B6CD73452BA426AAB1E8F31A9431942CC89
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.using System;..using System.Collections.Generic;..using System.Linq;..using System.Text;..using System.Threading;..using System.Threading.Tasks;..using System.Windows.Forms;..using CESDK;....namespace CEPluginLibrary..{.. class PluginExample : CESDKPluginClass.. {.. public override string GetPluginName().. {.. return "C# Plugin Template for Cheat Engine 7.1+";.. }.... public override bool DisablePlugin() //called when disabled.. {.. .. return true;.. }.. .. public override bool EnablePlugin() //called when enabled.. {.. //you can use sdk here.. //sdk.lua.dostring("print('I am alive')");.. .... sdk.lua.Register("pluginexample1", MyFunction);.. sdk.lua.Register("pluginexample2", MyFunction2);.. sdk.lua.Register("pluginexample3", MyFunction3);.. sdk.lua.Register("pluginexample4", MyFunction4);.. sdk
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9887
                                                                                                                                                                                                                                                                        Entropy (8bit):4.5923744109984925
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:Jwa+UHCXRQbXVkmGqYnowGCo0Q3fHRlsc5guLWoeU80bklzg8:Jw1UHqRQbXAoLCtQPHbsc5guLWD0bmh
                                                                                                                                                                                                                                                                        MD5:48A54615FB62B5964D621D88ABFF8C98
                                                                                                                                                                                                                                                                        SHA1:8131BA02B49DF23D592EF8FD24B1C9BED5BA0B94
                                                                                                                                                                                                                                                                        SHA-256:8E4B2FFFDA394E6F9376A930C3B0F1BAEFAF69CE68FA17C0A80A5B49D22633D0
                                                                                                                                                                                                                                                                        SHA-512:A433DD6D692263B3C190F1B1113962BEDCF68C0C947B1CD4C7BFD32755A397B9DBA02E3E668F7B548CB21C869E8D2183FDDCC2519D9D15082AA2C664CB0DF902
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.namespace CEPluginLibrary..{.. partial class PluginExampleForm.. {.. /// <summary>.. /// Required designer variable... /// </summary>.. private System.ComponentModel.IContainer components = null;.... /// <summary>.. /// Clean up any resources being used... /// </summary>.. /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>.. protected override void Dispose(bool disposing).. {.. if (disposing && (components != null)).. {.. components.Dispose();.. }.. base.Dispose(disposing);.. }.... #region Windows Form Designer generated code.... /// <summary>.. /// Required method for Designer support - do not modify.. /// the contents of this method with the code editor... /// </summary>.. private void InitializeComponent().. {.. this.button1 = new Sy
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):5253
                                                                                                                                                                                                                                                                        Entropy (8bit):4.220186376885213
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:Jo4h4Dcz02nXVgqQUmzIxT1Y7wx7F74GwPgVK5z536uChJYqt+9UYNY:9KGpFDy7C7FwPgVcqu1NY
                                                                                                                                                                                                                                                                        MD5:D6A1CE4FE7D7E9321C47B5BA48BB0675
                                                                                                                                                                                                                                                                        SHA1:D2F7178B9607765FDBFC869EF2F3F25405E9D2E4
                                                                                                                                                                                                                                                                        SHA-256:F47E49AB8E84189B6C1DD2B4A018C43992B34B5E2C025B09CCE8BE9D60C58B6B
                                                                                                                                                                                                                                                                        SHA-512:9F4428E86FDF025D94BA897CC68B91056FF28A4BD2ED12DE2B9FEDE00D4396F3F53D05E4115D8CFD8F50B83891A7994001ED359E3A01C53C8578CD89DE5CC338
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.using System;..using System.Collections.Generic;..using System.ComponentModel;..using System.Data;..using System.Drawing;..using System.Linq;..using System.Text;..using System.Threading.Tasks;..using System.Windows.Forms;..using CESDK;....namespace CEPluginLibrary..{.. public partial class PluginExampleForm : Form.. {.. MemScan ms;.. FoundList fl;.... public PluginExampleForm().. {.. InitializeComponent();.. }.... private void button1_Click(object sender, EventArgs e).. { .. MessageBox.Show("WEEEEEEE");.. GC.Collect();.. }.... .... private void MemScanDone(object sender).. {.. //called from CE's main UI thread. Problematic if the form was created using a new thread.. if (this.InvokeRequired).. { .. this.BeginInvoke(((MemScan)sender).OnScanDone,sender);.. }.. else..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):5817
                                                                                                                                                                                                                                                                        Entropy (8bit):4.7214047966009245
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:fijrkiK5k5LPXbac9m5Lv6FzSvd4gIRjETUT2+0qSdvabvDBwbjBu3FqvuFZ:KjrbLPD9sLvIzSvKgIqUyahFZ
                                                                                                                                                                                                                                                                        MD5:4EB5913A0E5AA842250F7419538FA230
                                                                                                                                                                                                                                                                        SHA1:31FB76E5D9BABE97A11FEA041081F96CE426107A
                                                                                                                                                                                                                                                                        SHA-256:4363CD7D5B8671C72442CE1A1BFC10D64EBD24B2D718B54BD4FCD025E4967298
                                                                                                                                                                                                                                                                        SHA-512:846207F9DB4C05D2070482C27AF72C50B8F423AC1C7EFB5266B059F6A41362704E9F5A590E428F4AEFD791EDD2E21C1B34473361911CBEEA2CFCAF741B5BEBFF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<root>.. .. Microsoft ResX Schema .. .. Version 2.0.. .. The primary goals of this format is to allow a simple XML format .. that is mostly human readable. The generation and parsing of the .. various data types are done through the TypeConverter classes .. associated with the data types... .. Example:.. .. ... ado.net/XML headers & schema ..... <resheader name="resmimetype">text/microsoft-resx</resheader>.. <resheader name="version">2.0</resheader>.. <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>.. <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>.. <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>.. <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>.. <data name="Bitmap1" mimetype="application/x-microsoft
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1437
                                                                                                                                                                                                                                                                        Entropy (8bit):5.076090513105922
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:JINebtJwLK0YRr/h+K+BPG/+W+t7kn5e3rmXeYhQ7MJnYUc:Jwebt+LKJRr/hp+PG/j+hk5eCuYh/5YF
                                                                                                                                                                                                                                                                        MD5:62142985D98CA0708215AACD89AEB34D
                                                                                                                                                                                                                                                                        SHA1:98382B9A288905D9A38B013122A22A6118990FD7
                                                                                                                                                                                                                                                                        SHA-256:B308630E16DAAE770982D45A64A9AC63136921A1F174CBC0A645E36142DB2128
                                                                                                                                                                                                                                                                        SHA-512:BAEC8A5EDBD21140A8424721D7E16F16FDDB61D9E4EC026A5C10C22B52FA389F98A1756928FA0967959CB4B1EBC22ACF48A11F5C308E256BCF74037F637E817E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.using System.Reflection;..using System.Runtime.CompilerServices;..using System.Runtime.InteropServices;....// General Information about an assembly is controlled through the following..// set of attributes. Change these attribute values to modify the information..// associated with an assembly...[assembly: AssemblyTitle("CEPluginLibrary")]..[assembly: AssemblyDescription("")]..[assembly: AssemblyConfiguration("")]..[assembly: AssemblyCompany("")]..[assembly: AssemblyProduct("CEPluginLibrary")]..[assembly: AssemblyCopyright("Copyright . 2020")]..[assembly: AssemblyTrademark("")]..[assembly: AssemblyCulture("")]....// Setting ComVisible to false makes the types in this assembly not visible..// to COM components. If you need to access a type in this assembly from..// COM, set the ComVisible attribute to true on that type...[assembly: ComVisible(false)]....// The following GUID is for the ID of the typelib if this project is exposed to COM..[assembly: Guid("99772d98-3865-4e8d-bb02-a8
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):982
                                                                                                                                                                                                                                                                        Entropy (8bit):4.435515760549183
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:Jo4KM2nkqVp3gqI6BkUSx2n1TY6yhdRcAv1iY:Jo4h2nXVGqI6GU5dyFxiY
                                                                                                                                                                                                                                                                        MD5:5D0DEB0B6B7C873B5F56BCEDA264B77F
                                                                                                                                                                                                                                                                        SHA1:49EE6163658B643F4368471239A0E0D196DD714D
                                                                                                                                                                                                                                                                        SHA-256:AD5E1FC96B40B64A65C5901006BD4823FF71B5D846856DB89115D667D112ED6A
                                                                                                                                                                                                                                                                        SHA-512:F5322FE291655663EB3D2817AD17C3CFF4ABF6A9D2F9B85B93060DB782BA63E82B7A1B5969849B9CEF25552F5F0E35EFE1572C0A48AB4869F54B304524C1565A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.using System;..using System.Collections.Generic;..using System.Linq;..using System.Text;..using System.Threading.Tasks;....namespace CESDK..{.. /// <summary>.. /// Base class for implementing objects inherited from TObject (just a destructor in this case).. /// </summary>.. class CEObjectWrapper.. { .. protected CESDKLua lua = CESDK.currentPlugin.sdk.lua;.. protected IntPtr CEObject;.. public IntPtr obj { get { return CEObject; } }........ ~CEObjectWrapper().. {.. if (CEObject != IntPtr.Zero).. {.. lua.PushCEObject(CEObject);.. lua.PushString("destroy");.. lua.GetTable(-2);.... if (lua.IsFunction(-1)).. {.. lua.PCall(0, 0);.. }.. else.. throw new System.ApplicationException("Object without a destroy method");.. }.. }.. }..}..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):6763
                                                                                                                                                                                                                                                                        Entropy (8bit):4.595472479915153
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:9UbHGZa1JsDzbH6eHpRHQHOHLOGNQfzN8fWsZEPjR2uTDKIuj1JK+Kz:9ksD7wurO9zjsu1rTuS
                                                                                                                                                                                                                                                                        MD5:AB17C7A5C7A57BA82912E2D05D1CE525
                                                                                                                                                                                                                                                                        SHA1:A32917633EB47144520E2DCA14E15F5F46643A4E
                                                                                                                                                                                                                                                                        SHA-256:545F6394AAE6C7DE8DF94DB797BBE09EB87AAAED2A5A22410BD42618F7F61999
                                                                                                                                                                                                                                                                        SHA-512:8B0F2C787BB79F6A40628AF3AB9D16A08A15128EE4D79E4F9DFBEA663200C00C5391C6CF965DE502F79E5927283FC42E700B9AA3664A78DB4404046AB9D81251
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.using System;..using System.Collections.Generic;..using System.Linq;..using System.Runtime.InteropServices;..using System.Text;..using System.Threading.Tasks;..using System.Reflection;......//CE SDK wrapper. You usually don't need to be here, so close your eyes and walk away....namespace CESDK..{.. .. public abstract class CESDKPluginClass.. {.. public CESDK sdk;.. public abstract String GetPluginName();.. public abstract Boolean EnablePlugin();.. public abstract Boolean DisablePlugin();.. }.... [StructLayout(LayoutKind.Sequential)].. public struct TExportedFunctions.. {.. public int sizeofExportedFunctions;.. public IntPtr GetLuaState;.. public IntPtr LuaRegister;.. public IntPtr LuaPushClassInstance;.. public IntPtr ProcessMessages;.. public IntPtr CheckSynchronize;.. }.... public class CESDK.. {.. public static CESDKPluginClass currentPlugin;.. public CESDKLua lua;..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):23899
                                                                                                                                                                                                                                                                        Entropy (8bit):4.746150555809051
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:48k5CqoQyEIC9hgEcxmae6QtCJBn/wbvQN3cPcsq4FxNUjrbqXEozS/q/hQXb6mV:WUq5QXey
                                                                                                                                                                                                                                                                        MD5:2B831125B3F0573EC8B12FDB91DA2FD3
                                                                                                                                                                                                                                                                        SHA1:E6AEDE01D2EA3D05D825A8D04D0DD9E3831EEA84
                                                                                                                                                                                                                                                                        SHA-256:7E625FFA7E5F39351AA558021886075A251A24C111AE3C67AB75A2487EEF6689
                                                                                                                                                                                                                                                                        SHA-512:E811D11FB8C2F24AE9A6893989702E9ECF674C977704D29733FCA44491FF793CB3E8A4DD99D699145AAE92EFAB0F64CC63615EA3108953024516CB95EB927D35
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.//Copyright Cheat Engine 2020..using System;..using System.Collections.Generic;..using System.Linq;..using System.Text;..using System.Threading.Tasks;..using System.Runtime.InteropServices;....namespace CESDK..{.. public class CESDKLua.. {.. private const int LUA_TNONE = -1;.. private const int LUA_TNIL = 0;.. private const int LUA_TBOOLEAN = 1;.. private const int LUA_TLIGHTUSERDATA = 2;.. private const int LUA_TNUMBER = 3;.. private const int LUA_TSTRING = 4;.. private const int LUA_TTABLE = 5;.. private const int LUA_TFUNCTION = 6;.. private const int LUA_TUSERDATA = 7;.. private const int LUA_TTHREAD = 8; .... [DllImport("kernel32", SetLastError = true, CharSet = CharSet.Ansi)].. static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.LPStr)]string lpFileName);.... [DllImport("kernel32.dll", SetLastError = true, Cha
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3404
                                                                                                                                                                                                                                                                        Entropy (8bit):3.9340216921200066
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:Jo4h2nXVG6n6cbwhwGICIIAIwhICIIA9jx5J:9UFL6PIfIz
                                                                                                                                                                                                                                                                        MD5:1DD2F4D1FACD43BB2CA69C75FEA92A5B
                                                                                                                                                                                                                                                                        SHA1:E9B62F784A2BB86A26A31D6F82679DFC483FFB58
                                                                                                                                                                                                                                                                        SHA-256:6B412B63F5B15B7B247A191D4D76F4B9F4F3F135DA44E46A31CE1C801DDBDA4C
                                                                                                                                                                                                                                                                        SHA-512:A09A38C925F5CB3043CCFF4C4A07715DFEA6666B116DA6120F21FF53C2A201A841C936639E3A9A58ABE4E320FE12155936E9890F5DB7CBD1128D93110AECB26B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.using System;..using System.Collections.Generic;..using System.Linq;..using System.Text;..using System.Threading.Tasks;....namespace CESDK..{.. //Not much of an SDK but more an example of how to wrap the exposed classes by CE into C# classes. Learn from this and implement the other features you like...... class FoundList :CEObjectWrapper.. {.. public int Count { get { return GetCount(); } }.... int GetCount().. {.. try.. {.. lua.PushCEObject(CEObject);.. lua.PushString("Count");.. lua.GetTable(-2);.... return (int)lua.ToInteger(-1);.. }.. finally.. {.. lua.SetTop(0);.. } .. }.... public string GetAddress(int i).. {.. .. try.. {.. lua.PushCEObject(CEObject);.. lua.PushString("Address");.. lua.GetTable(-2
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):8480
                                                                                                                                                                                                                                                                        Entropy (8bit):4.327578339834133
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:Jo4h2nXVG6ncxU750WM5Eo7F1MF1F8S+sY7wxhJ0wxLnwgcLiBsl6qRRt0txt5qX:9UFLcxU90WCnx7eLOLkiL1L327mDl
                                                                                                                                                                                                                                                                        MD5:8570870BDF281AA6FE801B53CB4647DE
                                                                                                                                                                                                                                                                        SHA1:0A6F0EAE1BAD8AE9BA42CA49CE963C1EC6758522
                                                                                                                                                                                                                                                                        SHA-256:2B3F24397889FEF6B449D252A8929C57C6765C73D93A717902F6F5E63DFBDDC2
                                                                                                                                                                                                                                                                        SHA-512:86E436029AF6968289B54204A8F008ABD50ACECC889C1A6773BF2C3073196F366203A2D506BEC85AF3CC580CD71C3806708AD745DD65D18A2AE0D02AA4F5F1E1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.using System;..using System.Collections.Generic;..using System.Linq;..using System.Text;..using System.Threading.Tasks;....namespace CESDK..{.. //Not much of an SDK but more an example of how to wrap the exposed classes by CE into C# classes. Learn from this and implement the other features you like.... public enum ScanOptions.. {.. soUnknownValue = 0,.. soExactValue = 1,.. soValueBetween = 2,.. soBiggerThan = 3,.. soSmallerThan = 4,.. soIncreasedValue = 5,.. soIncreasedValueBy = 6,.. soDecreasedValue = 7,.. soDecreasedValueBy = 8,.. soChanged = 9,.. soUnchanged = 10.. }.... public enum VarTypes.. {.. vtByte = 0,.. vtWord = 1,.. vtDword = 2,.. vtQword = 3,.. vtSingle = 4,.. vtDouble = 5,.. vtString = 6,.. vtUnicodeString = 7, //--Only used by autoguess.. vtWideString = 7,.. vtByteArray = 8,.. vtBinary = 9,..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):982
                                                                                                                                                                                                                                                                        Entropy (8bit):4.435515760549183
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:Jo4KM2nkqVp3gqI6BkUSx2n1TY6yhdRcAv1iY:Jo4h2nXVGqI6GU5dyFxiY
                                                                                                                                                                                                                                                                        MD5:5D0DEB0B6B7C873B5F56BCEDA264B77F
                                                                                                                                                                                                                                                                        SHA1:49EE6163658B643F4368471239A0E0D196DD714D
                                                                                                                                                                                                                                                                        SHA-256:AD5E1FC96B40B64A65C5901006BD4823FF71B5D846856DB89115D667D112ED6A
                                                                                                                                                                                                                                                                        SHA-512:F5322FE291655663EB3D2817AD17C3CFF4ABF6A9D2F9B85B93060DB782BA63E82B7A1B5969849B9CEF25552F5F0E35EFE1572C0A48AB4869F54B304524C1565A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.using System;..using System.Collections.Generic;..using System.Linq;..using System.Text;..using System.Threading.Tasks;....namespace CESDK..{.. /// <summary>.. /// Base class for implementing objects inherited from TObject (just a destructor in this case).. /// </summary>.. class CEObjectWrapper.. { .. protected CESDKLua lua = CESDK.currentPlugin.sdk.lua;.. protected IntPtr CEObject;.. public IntPtr obj { get { return CEObject; } }........ ~CEObjectWrapper().. {.. if (CEObject != IntPtr.Zero).. {.. lua.PushCEObject(CEObject);.. lua.PushString("destroy");.. lua.GetTable(-2);.... if (lua.IsFunction(-1)).. {.. lua.PCall(0, 0);.. }.. else.. throw new System.ApplicationException("Object without a destroy method");.. }.. }.. }..}..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):6763
                                                                                                                                                                                                                                                                        Entropy (8bit):4.595472479915153
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:9UbHGZa1JsDzbH6eHpRHQHOHLOGNQfzN8fWsZEPjR2uTDKIuj1JK+Kz:9ksD7wurO9zjsu1rTuS
                                                                                                                                                                                                                                                                        MD5:AB17C7A5C7A57BA82912E2D05D1CE525
                                                                                                                                                                                                                                                                        SHA1:A32917633EB47144520E2DCA14E15F5F46643A4E
                                                                                                                                                                                                                                                                        SHA-256:545F6394AAE6C7DE8DF94DB797BBE09EB87AAAED2A5A22410BD42618F7F61999
                                                                                                                                                                                                                                                                        SHA-512:8B0F2C787BB79F6A40628AF3AB9D16A08A15128EE4D79E4F9DFBEA663200C00C5391C6CF965DE502F79E5927283FC42E700B9AA3664A78DB4404046AB9D81251
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.using System;..using System.Collections.Generic;..using System.Linq;..using System.Runtime.InteropServices;..using System.Text;..using System.Threading.Tasks;..using System.Reflection;......//CE SDK wrapper. You usually don't need to be here, so close your eyes and walk away....namespace CESDK..{.. .. public abstract class CESDKPluginClass.. {.. public CESDK sdk;.. public abstract String GetPluginName();.. public abstract Boolean EnablePlugin();.. public abstract Boolean DisablePlugin();.. }.... [StructLayout(LayoutKind.Sequential)].. public struct TExportedFunctions.. {.. public int sizeofExportedFunctions;.. public IntPtr GetLuaState;.. public IntPtr LuaRegister;.. public IntPtr LuaPushClassInstance;.. public IntPtr ProcessMessages;.. public IntPtr CheckSynchronize;.. }.... public class CESDK.. {.. public static CESDKPluginClass currentPlugin;.. public CESDKLua lua;..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):37888
                                                                                                                                                                                                                                                                        Entropy (8bit):5.226890017930093
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:o59YiDgzS3ejrtGtl1Ym+l+rZz4Awdewwwwd2d+e5R777N1HVM7gbvIVBlGiezFM:PmgeujrtGt7Ym+AZxwdewwwwcd+e5RPa
                                                                                                                                                                                                                                                                        MD5:2DF506F3E3969F3DDA3EF32D21F8B210
                                                                                                                                                                                                                                                                        SHA1:77391130A4C3853315882FEA9877B5A0132E737F
                                                                                                                                                                                                                                                                        SHA-256:C49E654839B293C1D1E6D5F245E49A8CAD787E70B3D0EB2659024E6D6ED44BC5
                                                                                                                                                                                                                                                                        SHA-512:22F7F01EBE710423548015C3C87F758F07AEEC93FEFECE5ED6C2AAE8C3D6BAF26D60678E382A0C97B7C8942F2163140146C002D72ABF3014708A4147B654F410
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):5817
                                                                                                                                                                                                                                                                        Entropy (8bit):4.7214047966009245
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:fijrkiK5k5LPXbac9m5Lv6FzSvd4gIRjETUT2+0qSdvabvDBwbjBu3FqvuFZ:KjrbLPD9sLvIzSvKgIqUyahFZ
                                                                                                                                                                                                                                                                        MD5:4EB5913A0E5AA842250F7419538FA230
                                                                                                                                                                                                                                                                        SHA1:31FB76E5D9BABE97A11FEA041081F96CE426107A
                                                                                                                                                                                                                                                                        SHA-256:4363CD7D5B8671C72442CE1A1BFC10D64EBD24B2D718B54BD4FCD025E4967298
                                                                                                                                                                                                                                                                        SHA-512:846207F9DB4C05D2070482C27AF72C50B8F423AC1C7EFB5266B059F6A41362704E9F5A590E428F4AEFD791EDD2E21C1B34473361911CBEEA2CFCAF741B5BEBFF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<root>.. .. Microsoft ResX Schema .. .. Version 2.0.. .. The primary goals of this format is to allow a simple XML format .. that is mostly human readable. The generation and parsing of the .. various data types are done through the TypeConverter classes .. associated with the data types... .. Example:.. .. ... ado.net/XML headers & schema ..... <resheader name="resmimetype">text/microsoft-resx</resheader>.. <resheader name="version">2.0</resheader>.. <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>.. <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>.. <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>.. <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>.. <data name="Bitmap1" mimetype="application/x-microsoft
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4778
                                                                                                                                                                                                                                                                        Entropy (8bit):4.4952095990499785
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:Jo4h2nXV0VgqojlWXS+vx+FvDVfv6nEbvFUG7Fnm4Auzsq8tdlvuO4BVNT:9UF4ajlWXS+vx+FvDVfv6WdUGBnm4Au9
                                                                                                                                                                                                                                                                        MD5:B45C3E2829EED1BEB58ED85D8E27362B
                                                                                                                                                                                                                                                                        SHA1:9AFF1824269B8829B4903AC0DC53E7B314CAD5D0
                                                                                                                                                                                                                                                                        SHA-256:B16C0C45DCD137B01C6BB2ED3BBB7DECB406FDEC3D4AEBBF1F6EEB44E9039397
                                                                                                                                                                                                                                                                        SHA-512:771506912072FE9EB3500C9CCC9D02236B1DB579E02ECE9ABE538548B5F2FC0AD312EDF576DFCDE97F64E573D7B70B6CD73452BA426AAB1E8F31A9431942CC89
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.using System;..using System.Collections.Generic;..using System.Linq;..using System.Text;..using System.Threading;..using System.Threading.Tasks;..using System.Windows.Forms;..using CESDK;....namespace CEPluginLibrary..{.. class PluginExample : CESDKPluginClass.. {.. public override string GetPluginName().. {.. return "C# Plugin Template for Cheat Engine 7.1+";.. }.... public override bool DisablePlugin() //called when disabled.. {.. .. return true;.. }.. .. public override bool EnablePlugin() //called when enabled.. {.. //you can use sdk here.. //sdk.lua.dostring("print('I am alive')");.. .... sdk.lua.Register("pluginexample1", MyFunction);.. sdk.lua.Register("pluginexample2", MyFunction2);.. sdk.lua.Register("pluginexample3", MyFunction3);.. sdk.lua.Register("pluginexample4", MyFunction4);.. sdk
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9887
                                                                                                                                                                                                                                                                        Entropy (8bit):4.5923744109984925
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:Jwa+UHCXRQbXVkmGqYnowGCo0Q3fHRlsc5guLWoeU80bklzg8:Jw1UHqRQbXAoLCtQPHbsc5guLWD0bmh
                                                                                                                                                                                                                                                                        MD5:48A54615FB62B5964D621D88ABFF8C98
                                                                                                                                                                                                                                                                        SHA1:8131BA02B49DF23D592EF8FD24B1C9BED5BA0B94
                                                                                                                                                                                                                                                                        SHA-256:8E4B2FFFDA394E6F9376A930C3B0F1BAEFAF69CE68FA17C0A80A5B49D22633D0
                                                                                                                                                                                                                                                                        SHA-512:A433DD6D692263B3C190F1B1113962BEDCF68C0C947B1CD4C7BFD32755A397B9DBA02E3E668F7B548CB21C869E8D2183FDDCC2519D9D15082AA2C664CB0DF902
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.namespace CEPluginLibrary..{.. partial class PluginExampleForm.. {.. /// <summary>.. /// Required designer variable... /// </summary>.. private System.ComponentModel.IContainer components = null;.... /// <summary>.. /// Clean up any resources being used... /// </summary>.. /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>.. protected override void Dispose(bool disposing).. {.. if (disposing && (components != null)).. {.. components.Dispose();.. }.. base.Dispose(disposing);.. }.... #region Windows Form Designer generated code.... /// <summary>.. /// Required method for Designer support - do not modify.. /// the contents of this method with the code editor... /// </summary>.. private void InitializeComponent().. {.. this.button1 = new Sy
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):5253
                                                                                                                                                                                                                                                                        Entropy (8bit):4.220186376885213
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:Jo4h4Dcz02nXVgqQUmzIxT1Y7wx7F74GwPgVK5z536uChJYqt+9UYNY:9KGpFDy7C7FwPgVcqu1NY
                                                                                                                                                                                                                                                                        MD5:D6A1CE4FE7D7E9321C47B5BA48BB0675
                                                                                                                                                                                                                                                                        SHA1:D2F7178B9607765FDBFC869EF2F3F25405E9D2E4
                                                                                                                                                                                                                                                                        SHA-256:F47E49AB8E84189B6C1DD2B4A018C43992B34B5E2C025B09CCE8BE9D60C58B6B
                                                                                                                                                                                                                                                                        SHA-512:9F4428E86FDF025D94BA897CC68B91056FF28A4BD2ED12DE2B9FEDE00D4396F3F53D05E4115D8CFD8F50B83891A7994001ED359E3A01C53C8578CD89DE5CC338
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.using System;..using System.Collections.Generic;..using System.ComponentModel;..using System.Data;..using System.Drawing;..using System.Linq;..using System.Text;..using System.Threading.Tasks;..using System.Windows.Forms;..using CESDK;....namespace CEPluginLibrary..{.. public partial class PluginExampleForm : Form.. {.. MemScan ms;.. FoundList fl;.... public PluginExampleForm().. {.. InitializeComponent();.. }.... private void button1_Click(object sender, EventArgs e).. { .. MessageBox.Show("WEEEEEEE");.. GC.Collect();.. }.... .... private void MemScanDone(object sender).. {.. //called from CE's main UI thread. Problematic if the form was created using a new thread.. if (this.InvokeRequired).. { .. this.BeginInvoke(((MemScan)sender).OnScanDone,sender);.. }.. else..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2926
                                                                                                                                                                                                                                                                        Entropy (8bit):5.296204236636278
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:3rYSjNJpu5z2fBZi43iqcscr14H1xmH/14H1BA6B6Kv6tH6T626HZ6sM6l6a6A3E:7YWnpu5CZi4ncsZxm4GE5vsHSBCHMOVo
                                                                                                                                                                                                                                                                        MD5:BD4AB4CC0D5BED5FBC5228F4035A191D
                                                                                                                                                                                                                                                                        SHA1:AE2B589B7342B9C2D30BDBE3575509F6C3DB5D47
                                                                                                                                                                                                                                                                        SHA-256:65121FFC91A1EEF66A3281ACFF99C3014DB81FF143A47B02ED6953710CFCAFD5
                                                                                                                                                                                                                                                                        SHA-512:81C9CCC18BB5BD0A0F714CB625E1EF0FB62EE20106A3386D812E343D322B7BCE435D5C61D575AE68DA26504B39131D5FBCF405524ADD8233A0D0E4E4405811AF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">.. <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />.. <PropertyGroup>.. <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>.. <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>.. <ProjectGuid>{99772D98-3865-4E8D-BB02-A855950904F8}</ProjectGuid>.. <OutputType>Library</OutputType>.. <AppDesignerFolder>Properties</AppDesignerFolder>.. <RootNamespace>CEPluginLibrary</RootNamespace>.. <AssemblyName>CEPluginExample</AssemblyName>.. <TargetFrameworkVersion>v4.6.1</TargetFrameworkVersion>.. <FileAlignment>512</FileAlignment>.. <Deterministic>true</Deterministic>.. </PropertyGroup>.. <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1513
                                                                                                                                                                                                                                                                        Entropy (8bit):5.570853751982549
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:pPEkvanEc5GgSyTA8VffAa6iAoPARiA2PAo6kA68IAvkAU8TlzbBW:pP0EmdSy8ZLlHRl19DPXvDxts
                                                                                                                                                                                                                                                                        MD5:8E1EECB2D6B4F579A7FE4B11361E1D96
                                                                                                                                                                                                                                                                        SHA1:647911F537437A80F06C1324AC9AF5843BFCFA01
                                                                                                                                                                                                                                                                        SHA-256:37DAA1B4FB9966A0EED6DAEBB98FAE863C92F433D97CEA90DD95107FA7F14A1A
                                                                                                                                                                                                                                                                        SHA-512:1BE14802B7B2C13DCAEDBFB8814C7DF011A48C27D83C249EE5C074ACD0AF2070595D8809EC1EF92A6DE1FF4BFA55B3D393A9E5390C04EEF72FD1F1952DA2CCAE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:...Microsoft Visual Studio Solution File, Format Version 12.00..# Visual Studio 15..VisualStudioVersion = 15.0.28307.489..MinimumVisualStudioVersion = 10.0.40219.1..Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "CEPluginLibrary", "CEPluginLibrary\CEPluginLibrary.csproj", "{99772D98-3865-4E8D-BB02-A855950904F8}"..EndProject..Global...GlobalSection(SolutionConfigurationPlatforms) = preSolution....Debug|Any CPU = Debug|Any CPU....Debug|x64 = Debug|x64....Release|Any CPU = Release|Any CPU....Release|x64 = Release|x64...EndGlobalSection...GlobalSection(ProjectConfigurationPlatforms) = postSolution....{99772D98-3865-4E8D-BB02-A855950904F8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU....{99772D98-3865-4E8D-BB02-A855950904F8}.Debug|Any CPU.Build.0 = Debug|Any CPU....{99772D98-3865-4E8D-BB02-A855950904F8}.Debug|x64.ActiveCfg = Debug|Any CPU....{99772D98-3865-4E8D-BB02-A855950904F8}.Debug|x64.Build.0 = Debug|Any CPU....{99772D98-3865-4E8D-BB02-A855950904F8}.Release|Any CPU.ActiveCfg = Releas
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):21249
                                                                                                                                                                                                                                                                        Entropy (8bit):5.473071232947375
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:MxdQ1dn5s8SJRF6A64O0pgwzG1AXQpmwpN6NnES1sq9X5T:Mxu5s8Kq0pgh1AXKbcnEMT
                                                                                                                                                                                                                                                                        MD5:E4FFD1E2C206AEB1FC1B8ACB2D2FFC38
                                                                                                                                                                                                                                                                        SHA1:A13B6AEF7AA457D47F2745924D4808DAAAB7A809
                                                                                                                                                                                                                                                                        SHA-256:B6500DF1E94D7BB011B38E173B2603197B7A1F304496D751EDE82E57E36E532F
                                                                                                                                                                                                                                                                        SHA-512:25BAC2C4782B15B86BD5940232B91A1227C286979B93E2F5A8129814AFC619AB6A57B8EF6EA60E92B78B16CDEE39098E8CD0129020E73D3A8872AA2421834833
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/*.. cepluginsdk.h.. Updated July 4, 2017.... v5.0.0..*/..#ifndef CEPLUGINSDK_H..#define CEPLUGINSDK_H....#include <windows.h>..#include "lua.h"..#include "lualib.h"..#include "lauxlib.h"......#define CESDK_VERSION 6....typedef enum {ptAddressList=0, ptMemoryView=1, ptOnDebugEvent=2, ptProcesswatcherEvent=3, ptFunctionPointerchange=4, ptMainMenu=5, ptDisassemblerContext=6, ptDisassemblerRenderLine=7, ptAutoAssembler=8} PluginType;..typedef enum {aaInitialize=0, aaPhase1=1, aaPhase2=2, aaFinalize=3} AutoAssemblerPhase;....typedef struct _PluginVersion..{.. unsigned int version; //write here the minimum version this dll is compatible with (Current supported version: 1 and 2: this SDK only describes 2).. char *pluginname; //make this point to a 0-terminated string (allocated memory or static addressin your dll, not stack)..} PluginVersion, *PPluginVersion;....typedef struct _PLUGINTYPE0_RECORD..{.. char *interpretedaddress; //pointer to a 255 bytes long string (0 terminated).. UINT_P
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):20820
                                                                                                                                                                                                                                                                        Entropy (8bit):4.9478688580965615
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:BxYxU2LDxW7ZTDfKZeiH22CT3oQf/JQeYX9L:BxYxUauZICT4Qf/JQewL
                                                                                                                                                                                                                                                                        MD5:940913A8A7D44DFAD443E831137C8E56
                                                                                                                                                                                                                                                                        SHA1:4D0BFF7E0F6D917A5DAEBAF092B81BD8BD1C796D
                                                                                                                                                                                                                                                                        SHA-256:CDA5269F441120E5A3BFF2F87E289CD71DE9158CA2A619C7D0A734EB98EE6052
                                                                                                                                                                                                                                                                        SHA-512:3A74F73FD1CEFD89303689AA1907539377D1AAA4D94761FE4EDBBFB9FF08359733A08C388036A8D4452CE10AB8DA80D87A76816030170C2E0B4E9CF4788CA849
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:unit cepluginsdk; //more an api than sdk....{$MODE Delphi}....interface....uses windows, sysutils;....type.. TColor=dword;.. PColor=^TColor;....{$ifndef fpc}..//if old delphi then define the ptruint type..type ptruint=dword;..type pptruint=^ptruint'..{$endif}....const PluginVersionSDK=6;....type TAutoAssemblerPhase=(aaInitialize=0, aaPhase1=1, aaPhase2=2, aaFinalize=3);..type TPluginType=(ptAddressList=0, ptMemoryView=1, ptOnDebugEvent=2, ptProcesswatcherEvent=3, ptFunctionPointerchange=4, ptMainMenu=5, ptDisassemblerContext=6, ptDisassemblerRenderLine=7, ptAutoAssembler=8);....type TDWordArray = array[0..0] of DWord;.. PDWordArray = ^TDWordArray;....type.. TContinueOption = (co_run=0, co_stepinto=1, co_stepover=2, co_runtill=3);....type.. TBreakpointMethod = (bpmInt3, bpmDebugRegister);....type.. TBreakOption = (bo_Break = 0, bo_ChangeRegister = 1, bo_FindCode = 2, bo_FindWhatCodeAccesses = 3, bo_BreakAndTrace=4);.. TBreakPointAction = TBreakOption;....type.. TBreakp
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):77
                                                                                                                                                                                                                                                                        Entropy (8bit):4.1648042349100605
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:UydlFeWIH9y+SNf69JEfo7PKy:U/Xw+SNf6rEMKy
                                                                                                                                                                                                                                                                        MD5:A5D7FBE6A1C5EE5C9B8CC1DD85195A4B
                                                                                                                                                                                                                                                                        SHA1:F755644CD5430ECDBC20BD52A79E1D503694D223
                                                                                                                                                                                                                                                                        SHA-256:49848186572123D3E61B289BD7651DBAB6F130B71C820B3472A2F896B39BB15F
                                                                                                                                                                                                                                                                        SHA-512:AD51E7400AB2AFAE7CC118D859EF623C47D92B81622F05CA1C1BA6D4DF3693B664F52A7F80AF3B7A96119658000B10187F62F0D483A263786C2992363ED1770B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/*..class weee {.. public:... int abc;.... private:... int bla;....};*/..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):6621
                                                                                                                                                                                                                                                                        Entropy (8bit):5.329177353184485
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:yRhA+IF/NIkm/SM1AnPqLxFohmeZEAdyaWWFVTc7dEug67ok:yRaPeSPACmyTyxxr
                                                                                                                                                                                                                                                                        MD5:9B4403AD7DFC92D6E7D8BE8A4F9C6D76
                                                                                                                                                                                                                                                                        SHA1:55F4E162DC4353B157A94071ED4387646265FE8B
                                                                                                                                                                                                                                                                        SHA-256:A7E319FF2484A156A3B027AC3A0A687EF19F878BE7CC07C06D3A98CD2F16F48F
                                                                                                                                                                                                                                                                        SHA-512:1D77505357B8FE48A6FBF6BE560A33F8FF31353E521D449EBE714A77320D3D98BB3111956AE29C1FE37CD4D5A8FDE2462A7F1F7476D09436730A0F218DBE97ED
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:// example-c.cpp : Defines the entry point for the DLL application...//....//#define WIN32_LEAN_AND_MEAN..// Exclude rarely-used stuff from Windows headers..// Windows Header Files:......#include <windows.h>..#include <stdio.h>..#include "cepluginsdk.h"..#include "bla.h"....int selfid;..int memorybrowserpluginid=-1; //initialize it to -1 to indicate failure (used by the DisablePlugin routine)..int addresslistPluginID=-1;..int debugpluginID=-1;..int ProcesswatchpluginID=-1;..int PointerReassignmentPluginID=-1;..int MainMenuPluginID=-1;....ExportedFunctions Exported;........void __stdcall mainmenuplugin(void)..{...Exported.ShowMessage("Main menu plugin");...return;..}....void __stdcall PointersReassigned(int reserved)..{...//Check the "Pointer to pointer" objects and decide if you want to redirect them to your own routine, or not...//Usefull for implementing your own read process memory and overriding user choises ...//(e.g when they pick read physical memory and you want to focus on onl
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):123
                                                                                                                                                                                                                                                                        Entropy (8bit):4.811779479994327
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:T8OEUpBiFc/v1JQChi02V/X1JQChsLZmQLf4lFX1JQChhXT6fW:TeyiF8tJXPKlJXcelJX3jt
                                                                                                                                                                                                                                                                        MD5:16E7BC7FC630EBC06C84FC437CC784AF
                                                                                                                                                                                                                                                                        SHA1:73EBEAE9140D391B8FC8C2A323B0DDEC2E09834F
                                                                                                                                                                                                                                                                        SHA-256:D8882065B6EF9E9A4B544AB301D7C1305B989C2E6DA72769F547781B5642A367
                                                                                                                                                                                                                                                                        SHA-512:7EA5115CFCB40DF766F98B0B19C6C7F91B29F70D76B8BF0BE86344298E22F45E46C491DDD3554ECB9C49340F778D1D1D8141351BD48EA01ECB7FCF158B0D6DED
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:LIBRARY..Example-C..EXPORTS .. CEPlugin_GetVersion.@1.. CEPlugin_InitializePlugin @2.. CEPlugin_DisablePlugin @3
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1312
                                                                                                                                                                                                                                                                        Entropy (8bit):5.515215172889527
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:zPEkprjnOq3v5mq3a6cq3ovq3c3q3psq3w6Sq3S8mq3iRq3P88W:zPTrjTV75bMaflv37y0UZ
                                                                                                                                                                                                                                                                        MD5:0DC38E698FCA8775DDFC53EB9E2777CE
                                                                                                                                                                                                                                                                        SHA1:031F1563637D3980AC76E7E425B82FE97E4BF8CA
                                                                                                                                                                                                                                                                        SHA-256:4589682CFE7932386BB7E079C63A1303CE16204FAA26A1AD754C743273A30646
                                                                                                                                                                                                                                                                        SHA-512:336E5D3F693479282CC73EF5AD0B88A39554990251ED1587A488B591D7E26B9431B3EF79078A89480D9ECFF9512F3FF66F249983955E4B3657E10FBC3211FE10
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:Microsoft Visual Studio Solution File, Format Version 12.00..# Visual Studio 2013..VisualStudioVersion = 12.0.40629.0..MinimumVisualStudioVersion = 10.0.40219.1..Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "example-c", "example-c.vcxproj", "{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}"..EndProject..Global...GlobalSection(SolutionConfigurationPlatforms) = preSolution....Debug|Win32 = Debug|Win32....Debug|x64 = Debug|x64....Release|Win32 = Release|Win32....Release|x64 = Release|x64...EndGlobalSection...GlobalSection(ProjectConfigurationPlatforms) = postSolution....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Debug|Win32.ActiveCfg = Debug|Win32....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Debug|Win32.Build.0 = Debug|Win32....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Debug|x64.ActiveCfg = Debug|x64....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Debug|x64.Build.0 = Debug|x64....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Release|Win32.ActiveCfg = Release|Win32....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Release|
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):8651
                                                                                                                                                                                                                                                                        Entropy (8bit):5.1559669229373775
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:Splq9zWlIHcHzp1o2q9zEa4HGE1oZq9znl/HcHzpcobq9z/a4HGEcooEtk6084bP:S+hW8SzpOhEXGEbhnFSzpWh/XGE1088
                                                                                                                                                                                                                                                                        MD5:EB57AF6CC5BE00BE4CCA68C11A9DD167
                                                                                                                                                                                                                                                                        SHA1:30766A046E9059200C7A1F834AD446413382EE8A
                                                                                                                                                                                                                                                                        SHA-256:58C62A39812F64D90A6B8A480E6BDCA9C42D285E77A6271F0E5F2F3E80DD668E
                                                                                                                                                                                                                                                                        SHA-512:B4E2D485DC6D4A4B7D2702AA62E737F136B64D3AC6DF134E04A2BB3DAEA3FB6AC7EF603B67CB14630D609A6D767BE0619F5B68A471426A8692A68FED6BA9AE16
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="Windows-1252"?>..<VisualStudioProject...ProjectType="Visual C++"...Version="9.00"...Name="example-c"...ProjectGUID="{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}"...RootNamespace="example-c"...Keyword="Win32Proj"...TargetFrameworkVersion="131072"...>...<Platforms>....<Platform.....Name="Win32"..../>....<Platform.....Name="x64"..../>...</Platforms>...<ToolFiles>...</ToolFiles>...<Configurations>....<Configuration.....Name="Debug|Win32".....OutputDirectory="Debug".....IntermediateDirectory="Debug".....ConfigurationType="2".....InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops".....CharacterSet="2".....>.....<Tool......Name="VCPreBuildEventTool"...../>.....<Tool......Name="VCCustomBuildTool"...../>.....<Tool......Name="VCXMLDataGeneratorTool"...../>.....<Tool......Name="VCWebServiceProxyGeneratorTool"...../>.....<Tool......Name="VCMIDLTool"...../>.....<Tool......Name="VCCLCompilerTool"......Optimization="0"......AdditionalIncludeDirec
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):11635
                                                                                                                                                                                                                                                                        Entropy (8bit):5.284575044062978
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:xY0/awSBAfNEVDyCyaL9CWyaL9CjyaL9CZyaL9CCmVurQaOnp6UTJAZpXWZAWpXP:xx/awoSuhE61pXSpXCVpX8ispX8Mj
                                                                                                                                                                                                                                                                        MD5:1E03374CF6182BEC5B87AD696B3B3D90
                                                                                                                                                                                                                                                                        SHA1:C197F285AFF272A818BB286AD06F09F7D82D41B0
                                                                                                                                                                                                                                                                        SHA-256:07EEC81F9ACD2497979520EE9F028735DD3BAB27312DD93ED6653B28255AA112
                                                                                                                                                                                                                                                                        SHA-512:E10C81E0A00C82D6C6E7582F7002484558FFD2B94D47AF69A898D4CFAC2978F23E41EDE0135ECF252B25534BBD192E0BC78788E9308C5B09E73DEC7EF6F10D82
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">.. <ItemGroup Label="ProjectConfigurations">.. <ProjectConfiguration Include="Debug|Win32">.. <Configuration>Debug</Configuration>.. <Platform>Win32</Platform>.. </ProjectConfiguration>.. <ProjectConfiguration Include="Debug|x64">.. <Configuration>Debug</Configuration>.. <Platform>x64</Platform>.. </ProjectConfiguration>.. <ProjectConfiguration Include="Release|Win32">.. <Configuration>Release</Configuration>.. <Platform>Win32</Platform>.. </ProjectConfiguration>.. <ProjectConfiguration Include="Release|x64">.. <Configuration>Release</Configuration>.. <Platform>x64</Platform>.. </ProjectConfiguration>.. </ItemGroup>.. <PropertyGroup Label="Globals">.. <ProjectGuid>{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}</ProjectGuid>.. <RootNamespace>example-c</RootNamespace>..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1723
                                                                                                                                                                                                                                                                        Entropy (8bit):5.096113834015664
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:JdS4+lOFKMz4DFA5glIFXZ/ZaO0v1ZThRGBv3505Z9FJx3505Z9n93505Z94v355:3Qlo4aunNbR2hW/kbhE/K
                                                                                                                                                                                                                                                                        MD5:9740E73E7CDBD769A46179A035F59FDB
                                                                                                                                                                                                                                                                        SHA1:C923A13EBCD12F98BB4610AF25C833D3D2F6EC30
                                                                                                                                                                                                                                                                        SHA-256:DDAF1810F761922EBCC88D654AE05149C26A9A72CC6FFF0876A8BADBFA59F2B8
                                                                                                                                                                                                                                                                        SHA-512:3DC1CFCF7B7DAB45935E0249AA4566B68AE573A32A5987854E32C168547FB8452E0179DD7465A1BDA780E4AE416C74D4B0885C2F3DC066133D81172BFF575B53
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">.. <ItemGroup>.. <Filter Include="Source Files">.. <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>.. <Extensions>cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>.. </Filter>.. <Filter Include="Header Files">.. <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>.. <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>.. </Filter>.. <Filter Include="Resource Files">.. <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>.. <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx</Extensions>.. </Filter>.. </ItemGroup>.. <ItemGroup>.. <ClCompile Include="bla.cpp">.. <Filter>Source Files</Filter>.. </ClCompile>.. <ClCompile Include="example-c.c">.. <Filter>Source Files</Filter>.. </ClCompile>.. </ItemGroup
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):123
                                                                                                                                                                                                                                                                        Entropy (8bit):4.811779479994327
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:T8OEUpBiFc/v1JQChi02V/X1JQChsLZmQLf4lFX1JQChhXT6fW:TeyiF8tJXPKlJXcelJX3jt
                                                                                                                                                                                                                                                                        MD5:16E7BC7FC630EBC06C84FC437CC784AF
                                                                                                                                                                                                                                                                        SHA1:73EBEAE9140D391B8FC8C2A323B0DDEC2E09834F
                                                                                                                                                                                                                                                                        SHA-256:D8882065B6EF9E9A4B544AB301D7C1305B989C2E6DA72769F547781B5642A367
                                                                                                                                                                                                                                                                        SHA-512:7EA5115CFCB40DF766F98B0B19C6C7F91B29F70D76B8BF0BE86344298E22F45E46C491DDD3554ECB9C49340F778D1D1D8141351BD48EA01ECB7FCF158B0D6DED
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:LIBRARY..Example-C..EXPORTS .. CEPlugin_GetVersion.@1.. CEPlugin_InitializePlugin @2.. CEPlugin_DisablePlugin @3
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):6621
                                                                                                                                                                                                                                                                        Entropy (8bit):5.329177353184485
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:yRhA+IF/NIkm/SM1AnPqLxFohmeZEAdyaWWFVTc7dEug67ok:yRaPeSPACmyTyxxr
                                                                                                                                                                                                                                                                        MD5:9B4403AD7DFC92D6E7D8BE8A4F9C6D76
                                                                                                                                                                                                                                                                        SHA1:55F4E162DC4353B157A94071ED4387646265FE8B
                                                                                                                                                                                                                                                                        SHA-256:A7E319FF2484A156A3B027AC3A0A687EF19F878BE7CC07C06D3A98CD2F16F48F
                                                                                                                                                                                                                                                                        SHA-512:1D77505357B8FE48A6FBF6BE560A33F8FF31353E521D449EBE714A77320D3D98BB3111956AE29C1FE37CD4D5A8FDE2462A7F1F7476D09436730A0F218DBE97ED
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:// example-c.cpp : Defines the entry point for the DLL application...//....//#define WIN32_LEAN_AND_MEAN..// Exclude rarely-used stuff from Windows headers..// Windows Header Files:......#include <windows.h>..#include <stdio.h>..#include "cepluginsdk.h"..#include "bla.h"....int selfid;..int memorybrowserpluginid=-1; //initialize it to -1 to indicate failure (used by the DisablePlugin routine)..int addresslistPluginID=-1;..int debugpluginID=-1;..int ProcesswatchpluginID=-1;..int PointerReassignmentPluginID=-1;..int MainMenuPluginID=-1;....ExportedFunctions Exported;........void __stdcall mainmenuplugin(void)..{...Exported.ShowMessage("Main menu plugin");...return;..}....void __stdcall PointersReassigned(int reserved)..{...//Check the "Pointer to pointer" objects and decide if you want to redirect them to your own routine, or not...//Usefull for implementing your own read process memory and overriding user choises ...//(e.g when they pick read physical memory and you want to focus on onl
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1723
                                                                                                                                                                                                                                                                        Entropy (8bit):5.096113834015664
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:JdS4+lOFKMz4DFA5glIFXZ/ZaO0v1ZThRGBv3505Z9FJx3505Z9n93505Z94v355:3Qlo4aunNbR2hW/kbhE/K
                                                                                                                                                                                                                                                                        MD5:9740E73E7CDBD769A46179A035F59FDB
                                                                                                                                                                                                                                                                        SHA1:C923A13EBCD12F98BB4610AF25C833D3D2F6EC30
                                                                                                                                                                                                                                                                        SHA-256:DDAF1810F761922EBCC88D654AE05149C26A9A72CC6FFF0876A8BADBFA59F2B8
                                                                                                                                                                                                                                                                        SHA-512:3DC1CFCF7B7DAB45935E0249AA4566B68AE573A32A5987854E32C168547FB8452E0179DD7465A1BDA780E4AE416C74D4B0885C2F3DC066133D81172BFF575B53
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">.. <ItemGroup>.. <Filter Include="Source Files">.. <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>.. <Extensions>cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>.. </Filter>.. <Filter Include="Header Files">.. <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>.. <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>.. </Filter>.. <Filter Include="Resource Files">.. <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>.. <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx</Extensions>.. </Filter>.. </ItemGroup>.. <ItemGroup>.. <ClCompile Include="bla.cpp">.. <Filter>Source Files</Filter>.. </ClCompile>.. <ClCompile Include="example-c.c">.. <Filter>Source Files</Filter>.. </ClCompile>.. </ItemGroup
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1312
                                                                                                                                                                                                                                                                        Entropy (8bit):5.515215172889527
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:zPEkprjnOq3v5mq3a6cq3ovq3c3q3psq3w6Sq3S8mq3iRq3P88W:zPTrjTV75bMaflv37y0UZ
                                                                                                                                                                                                                                                                        MD5:0DC38E698FCA8775DDFC53EB9E2777CE
                                                                                                                                                                                                                                                                        SHA1:031F1563637D3980AC76E7E425B82FE97E4BF8CA
                                                                                                                                                                                                                                                                        SHA-256:4589682CFE7932386BB7E079C63A1303CE16204FAA26A1AD754C743273A30646
                                                                                                                                                                                                                                                                        SHA-512:336E5D3F693479282CC73EF5AD0B88A39554990251ED1587A488B591D7E26B9431B3EF79078A89480D9ECFF9512F3FF66F249983955E4B3657E10FBC3211FE10
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:Microsoft Visual Studio Solution File, Format Version 12.00..# Visual Studio 2013..VisualStudioVersion = 12.0.40629.0..MinimumVisualStudioVersion = 10.0.40219.1..Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "example-c", "example-c.vcxproj", "{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}"..EndProject..Global...GlobalSection(SolutionConfigurationPlatforms) = preSolution....Debug|Win32 = Debug|Win32....Debug|x64 = Debug|x64....Release|Win32 = Release|Win32....Release|x64 = Release|x64...EndGlobalSection...GlobalSection(ProjectConfigurationPlatforms) = postSolution....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Debug|Win32.ActiveCfg = Debug|Win32....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Debug|Win32.Build.0 = Debug|Win32....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Debug|x64.ActiveCfg = Debug|x64....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Debug|x64.Build.0 = Debug|x64....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Release|Win32.ActiveCfg = Release|Win32....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Release|
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):11635
                                                                                                                                                                                                                                                                        Entropy (8bit):5.284575044062978
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:xY0/awSBAfNEVDyCyaL9CWyaL9CjyaL9CZyaL9CCmVurQaOnp6UTJAZpXWZAWpXP:xx/awoSuhE61pXSpXCVpX8ispX8Mj
                                                                                                                                                                                                                                                                        MD5:1E03374CF6182BEC5B87AD696B3B3D90
                                                                                                                                                                                                                                                                        SHA1:C197F285AFF272A818BB286AD06F09F7D82D41B0
                                                                                                                                                                                                                                                                        SHA-256:07EEC81F9ACD2497979520EE9F028735DD3BAB27312DD93ED6653B28255AA112
                                                                                                                                                                                                                                                                        SHA-512:E10C81E0A00C82D6C6E7582F7002484558FFD2B94D47AF69A898D4CFAC2978F23E41EDE0135ECF252B25534BBD192E0BC78788E9308C5B09E73DEC7EF6F10D82
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">.. <ItemGroup Label="ProjectConfigurations">.. <ProjectConfiguration Include="Debug|Win32">.. <Configuration>Debug</Configuration>.. <Platform>Win32</Platform>.. </ProjectConfiguration>.. <ProjectConfiguration Include="Debug|x64">.. <Configuration>Debug</Configuration>.. <Platform>x64</Platform>.. </ProjectConfiguration>.. <ProjectConfiguration Include="Release|Win32">.. <Configuration>Release</Configuration>.. <Platform>Win32</Platform>.. </ProjectConfiguration>.. <ProjectConfiguration Include="Release|x64">.. <Configuration>Release</Configuration>.. <Platform>x64</Platform>.. </ProjectConfiguration>.. </ItemGroup>.. <PropertyGroup Label="Globals">.. <ProjectGuid>{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}</ProjectGuid>.. <RootNamespace>example-c</RootNamespace>..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):77
                                                                                                                                                                                                                                                                        Entropy (8bit):4.1648042349100605
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:UydlFeWIH9y+SNf69JEfo7PKy:U/Xw+SNf6rEMKy
                                                                                                                                                                                                                                                                        MD5:A5D7FBE6A1C5EE5C9B8CC1DD85195A4B
                                                                                                                                                                                                                                                                        SHA1:F755644CD5430ECDBC20BD52A79E1D503694D223
                                                                                                                                                                                                                                                                        SHA-256:49848186572123D3E61B289BD7651DBAB6F130B71C820B3472A2F896B39BB15F
                                                                                                                                                                                                                                                                        SHA-512:AD51E7400AB2AFAE7CC118D859EF623C47D92B81622F05CA1C1BA6D4DF3693B664F52A7F80AF3B7A96119658000B10187F62F0D483A263786C2992363ED1770B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/*..class weee {.. public:... int abc;.... private:... int bla;....};*/..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):8651
                                                                                                                                                                                                                                                                        Entropy (8bit):5.1559669229373775
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:Splq9zWlIHcHzp1o2q9zEa4HGE1oZq9znl/HcHzpcobq9z/a4HGEcooEtk6084bP:S+hW8SzpOhEXGEbhnFSzpWh/XGE1088
                                                                                                                                                                                                                                                                        MD5:EB57AF6CC5BE00BE4CCA68C11A9DD167
                                                                                                                                                                                                                                                                        SHA1:30766A046E9059200C7A1F834AD446413382EE8A
                                                                                                                                                                                                                                                                        SHA-256:58C62A39812F64D90A6B8A480E6BDCA9C42D285E77A6271F0E5F2F3E80DD668E
                                                                                                                                                                                                                                                                        SHA-512:B4E2D485DC6D4A4B7D2702AA62E737F136B64D3AC6DF134E04A2BB3DAEA3FB6AC7EF603B67CB14630D609A6D767BE0619F5B68A471426A8692A68FED6BA9AE16
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="Windows-1252"?>..<VisualStudioProject...ProjectType="Visual C++"...Version="9.00"...Name="example-c"...ProjectGUID="{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}"...RootNamespace="example-c"...Keyword="Win32Proj"...TargetFrameworkVersion="131072"...>...<Platforms>....<Platform.....Name="Win32"..../>....<Platform.....Name="x64"..../>...</Platforms>...<ToolFiles>...</ToolFiles>...<Configurations>....<Configuration.....Name="Debug|Win32".....OutputDirectory="Debug".....IntermediateDirectory="Debug".....ConfigurationType="2".....InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops".....CharacterSet="2".....>.....<Tool......Name="VCPreBuildEventTool"...../>.....<Tool......Name="VCCustomBuildTool"...../>.....<Tool......Name="VCXMLDataGeneratorTool"...../>.....<Tool......Name="VCWebServiceProxyGeneratorTool"...../>.....<Tool......Name="VCMIDLTool"...../>.....<Tool......Name="VCCLCompilerTool"......Optimization="0"......AdditionalIncludeDirec
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:current ar archive
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):51186
                                                                                                                                                                                                                                                                        Entropy (8bit):5.1687334046820474
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:rJFHn1qrIxu38h8ZLE4aydYZs+1RnNqEk7/JNK2A26spyFAaNbghZGV4iwKWV8UN:/buA8ZLbYPncBQ5Rmychrr+W
                                                                                                                                                                                                                                                                        MD5:F22FF9845A888059D8B7F3581E43C098
                                                                                                                                                                                                                                                                        SHA1:766835B82B55B5254CD3CE03AF27C94CE98661AD
                                                                                                                                                                                                                                                                        SHA-256:CD7C6537C01CECF6CC4F71762D4D66092A51E5D99C7BA9C175988DE7308A85B9
                                                                                                                                                                                                                                                                        SHA-512:30A1A33B701928DD5AE8A9C7A9E2C3632E75195155936FE8D63EE26541BEBFE2F9219B6528F7E657D52DB1F6CDEB779D8FEE226B224253CED4D4EFAA349B8BD7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):8689
                                                                                                                                                                                                                                                                        Entropy (8bit):5.0154559813237505
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:AG3SKmwE5ZD7lq4TJpTPx9W1HPHthPRHroDAtZdJ3/L:AnfEvGAr
                                                                                                                                                                                                                                                                        MD5:414752BF38E58BD6C662587CA7B4291A
                                                                                                                                                                                                                                                                        SHA1:5A82403A8D90D09E9B487AF738ECBCBC0FEEE297
                                                                                                                                                                                                                                                                        SHA-256:1A47911AB8C28536B35B83E9887729B06B00E10DED9C1BDB417ECE7657A6C73A
                                                                                                                                                                                                                                                                        SHA-512:1DC2A3C45C7FC8F8A1C5A59D6907BB03CCE53EA1E24225118190873AE8C3D28A7C4E287505D6BEEC9BB5AC28077576CEAEF04A1E2C48A0E6CBAD8DDFE8FC71D2
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/*..** $Id: lauxlib.h,v 1.128 2014/10/29 16:11:17 roberto Exp $..** Auxiliary functions for building Lua libraries..** See Copyright Notice in lua.h..*/......#ifndef lauxlib_h..#define lauxlib_h......#include <stddef.h>..#include <stdio.h>....#include "lua.h"......../* extra error code for 'luaL_load' */..#define LUA_ERRFILE (LUA_ERRERR+1)......typedef struct luaL_Reg {.. const char *name;.. lua_CFunction func;..} luaL_Reg;......#define LUAL_NUMSIZES.(sizeof(lua_Integer)*16 + sizeof(lua_Number))....LUALIB_API void (luaL_checkversion_) (lua_State *L, lua_Number ver, size_t sz);..#define luaL_checkversion(L) \... luaL_checkversion_(L, LUA_VERSION_NUM, LUAL_NUMSIZES)....LUALIB_API int (luaL_getmetafield) (lua_State *L, int obj, const char *e);..LUALIB_API int (luaL_callmeta) (lua_State *L, int obj, const char *e);..LUALIB_API const char *(luaL_tolstring) (lua_State *L, int idx, size_t *len);..LUALIB_API int (luaL_argerror) (lua_State *L, int arg, const char *extramsg);..LUALIB_API
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):20820
                                                                                                                                                                                                                                                                        Entropy (8bit):4.9478688580965615
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:BxYxU2LDxW7ZTDfKZeiH22CT3oQf/JQeYX9L:BxYxUauZICT4Qf/JQewL
                                                                                                                                                                                                                                                                        MD5:940913A8A7D44DFAD443E831137C8E56
                                                                                                                                                                                                                                                                        SHA1:4D0BFF7E0F6D917A5DAEBAF092B81BD8BD1C796D
                                                                                                                                                                                                                                                                        SHA-256:CDA5269F441120E5A3BFF2F87E289CD71DE9158CA2A619C7D0A734EB98EE6052
                                                                                                                                                                                                                                                                        SHA-512:3A74F73FD1CEFD89303689AA1907539377D1AAA4D94761FE4EDBBFB9FF08359733A08C388036A8D4452CE10AB8DA80D87A76816030170C2E0B4E9CF4788CA849
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:unit cepluginsdk; //more an api than sdk....{$MODE Delphi}....interface....uses windows, sysutils;....type.. TColor=dword;.. PColor=^TColor;....{$ifndef fpc}..//if old delphi then define the ptruint type..type ptruint=dword;..type pptruint=^ptruint'..{$endif}....const PluginVersionSDK=6;....type TAutoAssemblerPhase=(aaInitialize=0, aaPhase1=1, aaPhase2=2, aaFinalize=3);..type TPluginType=(ptAddressList=0, ptMemoryView=1, ptOnDebugEvent=2, ptProcesswatcherEvent=3, ptFunctionPointerchange=4, ptMainMenu=5, ptDisassemblerContext=6, ptDisassemblerRenderLine=7, ptAutoAssembler=8);....type TDWordArray = array[0..0] of DWord;.. PDWordArray = ^TDWordArray;....type.. TContinueOption = (co_run=0, co_stepinto=1, co_stepover=2, co_runtill=3);....type.. TBreakpointMethod = (bpmInt3, bpmDebugRegister);....type.. TBreakOption = (bo_Break = 0, bo_ChangeRegister = 1, bo_FindCode = 2, bo_FindWhatCodeAccesses = 3, bo_BreakAndTrace=4);.. TBreakPointAction = TBreakOption;....type.. TBreakp
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:current ar archive
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):30522
                                                                                                                                                                                                                                                                        Entropy (8bit):4.730977794432752
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:G+9VzUvXP24qb80klIfUYFXk6mN6O4teI0BhIan342:54V
                                                                                                                                                                                                                                                                        MD5:AAE95F62EAD4B09BAD0CDEBC9F68D8FC
                                                                                                                                                                                                                                                                        SHA1:6B8A2A943DEAC8E4F89E3985E04FD364B35065C8
                                                                                                                                                                                                                                                                        SHA-256:55B823D33C806BAAB879D3E8FD4D02253B719DCB9D4C7A74A1947AF0C99F7132
                                                                                                                                                                                                                                                                        SHA-512:0874A2A6D4F48EB9EBAF6FD4886ABF062EEA1F55FD2E8771B597C9EEE6666F74D44067D4074B52C5B453197D76DC575CE8608CA893F7377F9218345CBCA8BEE4
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1231
                                                                                                                                                                                                                                                                        Entropy (8bit):5.27341352475105
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1i4ToLKs3cpb0gxTCLZKds9dk3kzVr4FiRok:Eaom3IVWiRok
                                                                                                                                                                                                                                                                        MD5:D763A23012A8DAFD2D76CE4A0609CC17
                                                                                                                                                                                                                                                                        SHA1:B7C2040F6EF844048A1B17E204658AD0F5C6957E
                                                                                                                                                                                                                                                                        SHA-256:3890F6CE73F70F6EB67EC42A74F7C8CEF40FA184659934906648C8ACADB53FBF
                                                                                                                                                                                                                                                                        SHA-512:9AC100782422E02809F5A63A42B9787F97C9FF292CC3EBB7E2DC39B5E40E671C566A74DEC8D1A748B7D4E8666499F045FDEE6ED4DDB0207FF7856145CBFD294E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/*..** $Id: lualib.h,v 1.44 2014/02/06 17:32:33 roberto Exp $..** Lua standard libraries..** See Copyright Notice in lua.h..*/......#ifndef lualib_h..#define lualib_h....#include "lua.h"........LUAMOD_API int (luaopen_base) (lua_State *L);....#define LUA_COLIBNAME."coroutine"..LUAMOD_API int (luaopen_coroutine) (lua_State *L);....#define LUA_TABLIBNAME."table"..LUAMOD_API int (luaopen_table) (lua_State *L);....#define LUA_IOLIBNAME."io"..LUAMOD_API int (luaopen_io) (lua_State *L);....#define LUA_OSLIBNAME."os"..LUAMOD_API int (luaopen_os) (lua_State *L);....#define LUA_STRLIBNAME."string"..LUAMOD_API int (luaopen_string) (lua_State *L);....#define LUA_UTF8LIBNAME."utf8"..LUAMOD_API int (luaopen_utf8) (lua_State *L);....#define LUA_BITLIBNAME."bit32"..LUAMOD_API int (luaopen_bit32) (lua_State *L);....#define LUA_MATHLIBNAME."math"..LUAMOD_API int (luaopen_math) (lua_State *L);....#define LUA_DBLIBNAME."debug"..LUAMOD_API int (luaopen_debug) (lua_State *L);....#define LUA_LOADLIBNAME."pa
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):15219
                                                                                                                                                                                                                                                                        Entropy (8bit):5.2811147294549095
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:e0NdvtffvT5GDazPCagC/3hJiOY4k1gN3glwkp7MYTG26nRRT46lQHTa:lf4Dg6agC/3h8OBk7wkJMYTG1Rxqa
                                                                                                                                                                                                                                                                        MD5:555A7140BBD46A1B5BFD5BAC4A9A9F10
                                                                                                                                                                                                                                                                        SHA1:457CEE5851A018909D1BC96824E99C0C775166EE
                                                                                                                                                                                                                                                                        SHA-256:8AEF3FA9669BDC5E7659389E276F31EC779CA4BDF96E2C9ADA07DD9458A47416
                                                                                                                                                                                                                                                                        SHA-512:34B85999AA982DE19630DFA2100C60618758A4247FE5CDB3320E04904415619AA437A72E97B5E67AD287E47C66E73C7FD04DA6786DC1FCFA981207541043F3FB
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/*..** $Id: lua.h,v 1.325 2014/12/26 17:24:27 roberto Exp $..** Lua - A Scripting Language..** Lua.org, PUC-Rio, Brazil (http://www.lua.org)..** See Copyright Notice at the end of this file..*/......#ifndef lua_h..#define lua_h....#include <stdarg.h>..#include <stddef.h>......#include "luaconf.h"......#define LUA_VERSION_MAJOR."5"..#define LUA_VERSION_MINOR."3"..#define LUA_VERSION_NUM..503..#define LUA_VERSION_RELEASE."0"....#define LUA_VERSION."Lua " LUA_VERSION_MAJOR "." LUA_VERSION_MINOR..#define LUA_RELEASE.LUA_VERSION "." LUA_VERSION_RELEASE..#define LUA_COPYRIGHT.LUA_RELEASE " Copyright (C) 1994-2015 Lua.org, PUC-Rio"..#define LUA_AUTHORS."R. Ierusalimschy, L. H. de Figueiredo, W. Celes"....../* mark for precompiled code ('<esc>Lua') */..#define LUA_SIGNATURE."\x1bLua"..../* option for multiple returns in 'lua_pcall' and 'lua_call' */..#define LUA_MULTRET.(-1)....../*..** pseudo-indices..*/..#define LUA_REGISTRYINDEX.LUAI_FIRSTPSEUDOIDX..#define lua_upvalueindex(i).(LUA_REGISTR
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):200
                                                                                                                                                                                                                                                                        Entropy (8bit):4.66236463636852
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:jVVr02QbOwsrQl+EEKu/OrxReAEiMlAEgrlAQ0l:jVxxQCJZECueAEdlAEgrlAQy
                                                                                                                                                                                                                                                                        MD5:5D2DD4FF9F4C38D14220BB0E425B796C
                                                                                                                                                                                                                                                                        SHA1:2FD297C467FFCD72CF9CD21450E5BEAD0AE23962
                                                                                                                                                                                                                                                                        SHA-256:A7A47CE4CD19F703B8025696F0631C09A664D54CFA831BE4538D10441AEBB48D
                                                                                                                                                                                                                                                                        SHA-512:C84EC5C6F867DF99C9C8C4F57AF4795E2FACA7D81F111F7AECC568CD5A28DE3971A1BFCFEF9950181FF2FA67B82542840488DE718D95F87877F51B0709CE10D6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:// lua.hpp..// Lua header files for C++..// <<extern "C">> not supplied automatically because Lua also compiles as C++....extern "C" {..#include "lua.h"..#include "lualib.h"..#include "lauxlib.h"..}..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):21249
                                                                                                                                                                                                                                                                        Entropy (8bit):5.473071232947375
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:MxdQ1dn5s8SJRF6A64O0pgwzG1AXQpmwpN6NnES1sq9X5T:Mxu5s8Kq0pgh1AXKbcnEMT
                                                                                                                                                                                                                                                                        MD5:E4FFD1E2C206AEB1FC1B8ACB2D2FFC38
                                                                                                                                                                                                                                                                        SHA1:A13B6AEF7AA457D47F2745924D4808DAAAB7A809
                                                                                                                                                                                                                                                                        SHA-256:B6500DF1E94D7BB011B38E173B2603197B7A1F304496D751EDE82E57E36E532F
                                                                                                                                                                                                                                                                        SHA-512:25BAC2C4782B15B86BD5940232B91A1227C286979B93E2F5A8129814AFC619AB6A57B8EF6EA60E92B78B16CDEE39098E8CD0129020E73D3A8872AA2421834833
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/*.. cepluginsdk.h.. Updated July 4, 2017.... v5.0.0..*/..#ifndef CEPLUGINSDK_H..#define CEPLUGINSDK_H....#include <windows.h>..#include "lua.h"..#include "lualib.h"..#include "lauxlib.h"......#define CESDK_VERSION 6....typedef enum {ptAddressList=0, ptMemoryView=1, ptOnDebugEvent=2, ptProcesswatcherEvent=3, ptFunctionPointerchange=4, ptMainMenu=5, ptDisassemblerContext=6, ptDisassemblerRenderLine=7, ptAutoAssembler=8} PluginType;..typedef enum {aaInitialize=0, aaPhase1=1, aaPhase2=2, aaFinalize=3} AutoAssemblerPhase;....typedef struct _PluginVersion..{.. unsigned int version; //write here the minimum version this dll is compatible with (Current supported version: 1 and 2: this SDK only describes 2).. char *pluginname; //make this point to a 0-terminated string (allocated memory or static addressin your dll, not stack)..} PluginVersion, *PPluginVersion;....typedef struct _PLUGINTYPE0_RECORD..{.. char *interpretedaddress; //pointer to a 255 bytes long string (0 terminated).. UINT_P
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):21043
                                                                                                                                                                                                                                                                        Entropy (8bit):5.394919695008515
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:AmA+N/G+woUL8m7ETjv68AaMNZjXrQvLXF2ZsgcoGkR3lY6TKhaokMC5:++zbTr68AaMNZjXrQvLXF2ZsgcoGkR3T
                                                                                                                                                                                                                                                                        MD5:FE4F0BA514434B7F01983B97F6E517E0
                                                                                                                                                                                                                                                                        SHA1:7057FB0BCC204AC4E65AADDBDA350BF8F7488A3E
                                                                                                                                                                                                                                                                        SHA-256:0C5D09A7908F99B80377B3157A0BD37C6322CDC0AF437E99501AE746037408EC
                                                                                                                                                                                                                                                                        SHA-512:BEBB3A5C5384D0A08955A95970A40509D2ECE40FEEFB0A7C80BBFD4F9CF02E88AED69B5BF05BA6FFFABDD88D364BBB717AD4F59E3A1B6999BCD1CDEBDD410D53
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/*..** $Id: luaconf.h,v 1.238 2014/12/29 13:27:55 roberto Exp $..** Configuration file for Lua..** See Copyright Notice in lua.h..*/......#ifndef luaconf_h..#define luaconf_h....#include <limits.h>..#include <stddef.h>....../*..** ===================================================================..** Search for "@@" to find all configurable definitions...** ===================================================================..*/....../*..** {====================================================================..** System Configuration: macros to adapt (if needed) Lua to some..** particular platform, for instance compiling it with 32-bit numbers or..** restricting it to C89...** =====================================================================..*/..../*..@@ LUA_32BITS enables Lua with 32-bit integers and 32-bit floats. You..** can also define LUA_32BITS in the make file, but changing here you..** ensure that all software connected to Lua will be compiled with the..** same configurati
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):8689
                                                                                                                                                                                                                                                                        Entropy (8bit):5.0154559813237505
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:AG3SKmwE5ZD7lq4TJpTPx9W1HPHthPRHroDAtZdJ3/L:AnfEvGAr
                                                                                                                                                                                                                                                                        MD5:414752BF38E58BD6C662587CA7B4291A
                                                                                                                                                                                                                                                                        SHA1:5A82403A8D90D09E9B487AF738ECBCBC0FEEE297
                                                                                                                                                                                                                                                                        SHA-256:1A47911AB8C28536B35B83E9887729B06B00E10DED9C1BDB417ECE7657A6C73A
                                                                                                                                                                                                                                                                        SHA-512:1DC2A3C45C7FC8F8A1C5A59D6907BB03CCE53EA1E24225118190873AE8C3D28A7C4E287505D6BEEC9BB5AC28077576CEAEF04A1E2C48A0E6CBAD8DDFE8FC71D2
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/*..** $Id: lauxlib.h,v 1.128 2014/10/29 16:11:17 roberto Exp $..** Auxiliary functions for building Lua libraries..** See Copyright Notice in lua.h..*/......#ifndef lauxlib_h..#define lauxlib_h......#include <stddef.h>..#include <stdio.h>....#include "lua.h"......../* extra error code for 'luaL_load' */..#define LUA_ERRFILE (LUA_ERRERR+1)......typedef struct luaL_Reg {.. const char *name;.. lua_CFunction func;..} luaL_Reg;......#define LUAL_NUMSIZES.(sizeof(lua_Integer)*16 + sizeof(lua_Number))....LUALIB_API void (luaL_checkversion_) (lua_State *L, lua_Number ver, size_t sz);..#define luaL_checkversion(L) \... luaL_checkversion_(L, LUA_VERSION_NUM, LUAL_NUMSIZES)....LUALIB_API int (luaL_getmetafield) (lua_State *L, int obj, const char *e);..LUALIB_API int (luaL_callmeta) (lua_State *L, int obj, const char *e);..LUALIB_API const char *(luaL_tolstring) (lua_State *L, int idx, size_t *len);..LUALIB_API int (luaL_argerror) (lua_State *L, int arg, const char *extramsg);..LUALIB_API
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:current ar archive
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):30522
                                                                                                                                                                                                                                                                        Entropy (8bit):4.730977794432752
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:G+9VzUvXP24qb80klIfUYFXk6mN6O4teI0BhIan342:54V
                                                                                                                                                                                                                                                                        MD5:AAE95F62EAD4B09BAD0CDEBC9F68D8FC
                                                                                                                                                                                                                                                                        SHA1:6B8A2A943DEAC8E4F89E3985E04FD364B35065C8
                                                                                                                                                                                                                                                                        SHA-256:55B823D33C806BAAB879D3E8FD4D02253B719DCB9D4C7A74A1947AF0C99F7132
                                                                                                                                                                                                                                                                        SHA-512:0874A2A6D4F48EB9EBAF6FD4886ABF062EEA1F55FD2E8771B597C9EEE6666F74D44067D4074B52C5B453197D76DC575CE8608CA893F7377F9218345CBCA8BEE4
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:current ar archive
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):51186
                                                                                                                                                                                                                                                                        Entropy (8bit):5.1687334046820474
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:rJFHn1qrIxu38h8ZLE4aydYZs+1RnNqEk7/JNK2A26spyFAaNbghZGV4iwKWV8UN:/buA8ZLbYPncBQ5Rmychrr+W
                                                                                                                                                                                                                                                                        MD5:F22FF9845A888059D8B7F3581E43C098
                                                                                                                                                                                                                                                                        SHA1:766835B82B55B5254CD3CE03AF27C94CE98661AD
                                                                                                                                                                                                                                                                        SHA-256:CD7C6537C01CECF6CC4F71762D4D66092A51E5D99C7BA9C175988DE7308A85B9
                                                                                                                                                                                                                                                                        SHA-512:30A1A33B701928DD5AE8A9C7A9E2C3632E75195155936FE8D63EE26541BEBFE2F9219B6528F7E657D52DB1F6CDEB779D8FEE226B224253CED4D4EFAA349B8BD7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):21043
                                                                                                                                                                                                                                                                        Entropy (8bit):5.394919695008515
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:AmA+N/G+woUL8m7ETjv68AaMNZjXrQvLXF2ZsgcoGkR3lY6TKhaokMC5:++zbTr68AaMNZjXrQvLXF2ZsgcoGkR3T
                                                                                                                                                                                                                                                                        MD5:FE4F0BA514434B7F01983B97F6E517E0
                                                                                                                                                                                                                                                                        SHA1:7057FB0BCC204AC4E65AADDBDA350BF8F7488A3E
                                                                                                                                                                                                                                                                        SHA-256:0C5D09A7908F99B80377B3157A0BD37C6322CDC0AF437E99501AE746037408EC
                                                                                                                                                                                                                                                                        SHA-512:BEBB3A5C5384D0A08955A95970A40509D2ECE40FEEFB0A7C80BBFD4F9CF02E88AED69B5BF05BA6FFFABDD88D364BBB717AD4F59E3A1B6999BCD1CDEBDD410D53
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/*..** $Id: luaconf.h,v 1.238 2014/12/29 13:27:55 roberto Exp $..** Configuration file for Lua..** See Copyright Notice in lua.h..*/......#ifndef luaconf_h..#define luaconf_h....#include <limits.h>..#include <stddef.h>....../*..** ===================================================================..** Search for "@@" to find all configurable definitions...** ===================================================================..*/....../*..** {====================================================================..** System Configuration: macros to adapt (if needed) Lua to some..** particular platform, for instance compiling it with 32-bit numbers or..** restricting it to C89...** =====================================================================..*/..../*..@@ LUA_32BITS enables Lua with 32-bit integers and 32-bit floats. You..** can also define LUA_32BITS in the make file, but changing here you..** ensure that all software connected to Lua will be compiled with the..** same configurati
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1231
                                                                                                                                                                                                                                                                        Entropy (8bit):5.27341352475105
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:1i4ToLKs3cpb0gxTCLZKds9dk3kzVr4FiRok:Eaom3IVWiRok
                                                                                                                                                                                                                                                                        MD5:D763A23012A8DAFD2D76CE4A0609CC17
                                                                                                                                                                                                                                                                        SHA1:B7C2040F6EF844048A1B17E204658AD0F5C6957E
                                                                                                                                                                                                                                                                        SHA-256:3890F6CE73F70F6EB67EC42A74F7C8CEF40FA184659934906648C8ACADB53FBF
                                                                                                                                                                                                                                                                        SHA-512:9AC100782422E02809F5A63A42B9787F97C9FF292CC3EBB7E2DC39B5E40E671C566A74DEC8D1A748B7D4E8666499F045FDEE6ED4DDB0207FF7856145CBFD294E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/*..** $Id: lualib.h,v 1.44 2014/02/06 17:32:33 roberto Exp $..** Lua standard libraries..** See Copyright Notice in lua.h..*/......#ifndef lualib_h..#define lualib_h....#include "lua.h"........LUAMOD_API int (luaopen_base) (lua_State *L);....#define LUA_COLIBNAME."coroutine"..LUAMOD_API int (luaopen_coroutine) (lua_State *L);....#define LUA_TABLIBNAME."table"..LUAMOD_API int (luaopen_table) (lua_State *L);....#define LUA_IOLIBNAME."io"..LUAMOD_API int (luaopen_io) (lua_State *L);....#define LUA_OSLIBNAME."os"..LUAMOD_API int (luaopen_os) (lua_State *L);....#define LUA_STRLIBNAME."string"..LUAMOD_API int (luaopen_string) (lua_State *L);....#define LUA_UTF8LIBNAME."utf8"..LUAMOD_API int (luaopen_utf8) (lua_State *L);....#define LUA_BITLIBNAME."bit32"..LUAMOD_API int (luaopen_bit32) (lua_State *L);....#define LUA_MATHLIBNAME."math"..LUAMOD_API int (luaopen_math) (lua_State *L);....#define LUA_DBLIBNAME."debug"..LUAMOD_API int (luaopen_debug) (lua_State *L);....#define LUA_LOADLIBNAME."pa
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):205720
                                                                                                                                                                                                                                                                        Entropy (8bit):6.5406944146931805
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:KNyaW1Pg7kFtOp8+vRha0DAyheYn13qaIhRFXOucMEx33sOZrcOo:KNyal78m8+vRMEe4a4OEtTi
                                                                                                                                                                                                                                                                        MD5:6E00495955D4EFAAC2E1602EB47033EE
                                                                                                                                                                                                                                                                        SHA1:95C2998D35ADCF2814EC7C056BFBE0A0EB6A100C
                                                                                                                                                                                                                                                                        SHA-256:5E24A5FE17EC001CAB7118328A4BFF0F2577BD057206C6C886C3B7FB98E0D6D9
                                                                                                                                                                                                                                                                        SHA-512:2004D1DEF322B6DD7B129FE4FA7BBE5D42AB280B2E9E81DE806F54313A7ED7231F71B62B6138AC767288FEE796092F3397E5390E858E06E55A69B0D00F18B866
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):262552
                                                                                                                                                                                                                                                                        Entropy (8bit):6.029187209935358
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:JViiO5Ea9m3XJusq4opSm7Im9SC2w/iKhF58jfq65bgusSVIRZOl0vDoD4CfOMsj:JVZcWJusRPm7kCdKfkkApZt
                                                                                                                                                                                                                                                                        MD5:19B2050B660A4F9FCB71C93853F2E79C
                                                                                                                                                                                                                                                                        SHA1:5FFA886FA019FCD20008E8820A0939C09A62407A
                                                                                                                                                                                                                                                                        SHA-256:5421B570FBC1165D7794C08279E311672DC4F42CB7AE1CBDDCD7EEA0B1136FFF
                                                                                                                                                                                                                                                                        SHA-512:A93E47387AB0D327B71C3045B3964C7586D0E03DDDB2E692F6671FB99659E829591D5F23CE7A95683D82D239BA7D11FB5A123834629A53DE5CE5DBA6AA714A9A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):28924
                                                                                                                                                                                                                                                                        Entropy (8bit):7.991784495689372
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:768:SSHnnhPVVYCzrpCuqOMWlPLe1uvY1R78Occgok:SSHnnJDXZY1RgOccK
                                                                                                                                                                                                                                                                        MD5:FE3637780172B207CB31BB3DC612CD34
                                                                                                                                                                                                                                                                        SHA1:B65FA4078DCB813EBBA16784C80BC7A0E71025DD
                                                                                                                                                                                                                                                                        SHA-256:080A0AE9634FB07F2E9B1DDEA31491564195865DCD2B6201E1A10A13E8CDD5E9
                                                                                                                                                                                                                                                                        SHA-512:8F1DA48E6F224B7E7E6EF26D11D3C484A254E9A335DA9E59B837A81F9B7DB501039F31EF9AD055A07BB139BC1147C114923742C3204156AE3371A0F225A433CC
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):99199
                                                                                                                                                                                                                                                                        Entropy (8bit):7.9924368254113025
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:1536:CGNxLS1cRzW1Dx15WXGNp7u4A3AP6ovMlJEyWYykDQdTkQRWMJv2kXWMFopxLZq5:QcFW1DdDrTP6o0jEyERskXepHqz9
                                                                                                                                                                                                                                                                        MD5:EC8679FCB11314E333F6518113F1D71E
                                                                                                                                                                                                                                                                        SHA1:F6642D2551238733324141810B12C964FFE3B518
                                                                                                                                                                                                                                                                        SHA-256:45CFE56AE9CBB58FC51700425A19771C87029F63CB1A96CB258AEBE6AEE9D37A
                                                                                                                                                                                                                                                                        SHA-512:71EF7CBACD90317D32B0E4E81F64B6A4BABF644A1391396E9FF6C000C902660CFE87E5A86DF456EF5FB2DE0E6688BBF0778AB917D98BC86FB81AEA658672B4DB
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):386976
                                                                                                                                                                                                                                                                        Entropy (8bit):6.870368063282166
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:359aKWK/HqY5AXeWEfv6TBr4udWNrzJD10P9TQmxhAIXiCUXEC+Y4r/w2MGkTkm/:J9WsHse9fvcBrnd8rzZ10eMhEChC+Ygi
                                                                                                                                                                                                                                                                        MD5:486237BC5FA41DCE8C3022B9B6221FE5
                                                                                                                                                                                                                                                                        SHA1:C00BA51895DEAB2054C6F0F7DD3CF397E119C6FE
                                                                                                                                                                                                                                                                        SHA-256:4E2C87700CCDD3B34215C6BC64AE4582AC5FF373CFD3E93E8F7D2016960BA80D
                                                                                                                                                                                                                                                                        SHA-512:5F4010D8F9B0C865DE209E90625F178C8A7370AF1F7BE85552147EBD9EE7D033B01DD5A277FB646E2D289D2821462ADBB0959E507CD0A044CE79CB1C526A385B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):386976
                                                                                                                                                                                                                                                                        Entropy (8bit):6.870406853054738
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:e59aKWK/HqY5AXeWEfv6TBr4udWNrrJ710vFTAmJxQIfaCU/MC3O74r/wuMGFYsN:G9WsHse9fvcBrnd8rrR10WUxkCxC3O7S
                                                                                                                                                                                                                                                                        MD5:81633981057858F56BECB3BD316283E9
                                                                                                                                                                                                                                                                        SHA1:F6981034B1A5E23766BA4D40D451D784A1CFF83E
                                                                                                                                                                                                                                                                        SHA-256:4885754E6AC08304858383E47D3ADA425409988871BA6586151143D511488614
                                                                                                                                                                                                                                                                        SHA-512:99886CB451EAE690657AC848B63D58CD8B436849F6D073C5C073B624A6956397AC5AB6B636B1970C60DCE4EB5B3512372A4EC79FC28E9397AFE7D0791466D0A3
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):443296
                                                                                                                                                                                                                                                                        Entropy (8bit):6.630155817797785
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:bdQpG4IhjOSudLX4PGUGTdVwYr9ABfpMqYFOso5WMKYnTrLxWAld/wydfCigAA:apG4w5upwGTv9GWov1nlVAV
                                                                                                                                                                                                                                                                        MD5:0C7D89B75430A40824A5D7B79890324E
                                                                                                                                                                                                                                                                        SHA1:7E03E3D5386B1ED49104C3B35E44A545863BCBB9
                                                                                                                                                                                                                                                                        SHA-256:6B21B24279309F4117F8E39CDAF940F645C15D92442990A77655C8F898BB2227
                                                                                                                                                                                                                                                                        SHA-512:31453A2575FD7674AC7802DC8F740C79D357AD3464869F6EFD5E4A3892114EE9767715EBCA0D39E5B39CA8DA7BFED7E671D3EB24DBFB698C57ECA196D4FDFC85
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):446368
                                                                                                                                                                                                                                                                        Entropy (8bit):6.635233277412147
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:aSn7zUunHkqypGYKKOyt8GMyKw0ORVdPpEPwkdRHhvOOZoU/wC/cQBi4Blb:nzU8E9GDWKMRPAZhvpoUOo
                                                                                                                                                                                                                                                                        MD5:069EC7832ADBF93BD04A91B07FF00D78
                                                                                                                                                                                                                                                                        SHA1:5ED84D13FFCEF487EB039CD75DE91294C25ED0CC
                                                                                                                                                                                                                                                                        SHA-256:8C8C608AE67F8B8A4E56DAF2EDEA1A92CBA6866D4F324BD0E5AD1284126849A7
                                                                                                                                                                                                                                                                        SHA-512:D9E9D40DE2509B112762ADE7EF0BB6DB91EB5687AE6EA9689ABD7A7AF8BA601297655587EEF34F7D1DAC62D77E5B586BE71B19F044EBF53028CFE90DDCE776F8
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):456096
                                                                                                                                                                                                                                                                        Entropy (8bit):6.635086574093954
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:tTaB+hAvavjZihpuXh9js6zMxfdKCXbRRUsQHoh3+KZ+a3cnldkEBX/zrMMZKUjo:haBtvavY6XhNrzSk2gxQ3Wn7kw3o
                                                                                                                                                                                                                                                                        MD5:AA97F366592E0FA41D2D2F61765CA7D5
                                                                                                                                                                                                                                                                        SHA1:BE85DAF3B07E66225CD4167F96ED6292CCE54E1E
                                                                                                                                                                                                                                                                        SHA-256:D63036771F21AE7E056F2211CB560BFCF79ADE356B59D8F462050B2DD840E86C
                                                                                                                                                                                                                                                                        SHA-512:F16D3F899504EF556D186BEBE1A526D9999454AB60697CDE221130720AB8154003543A62C4E53124C902E51FCF62B653C914B316DA0E3766DF5026E386DD47CC
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):455072
                                                                                                                                                                                                                                                                        Entropy (8bit):6.627282046325032
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:8NqQopGY6gsnGubx5JbmZl2Wjm+9498RkaGlef/AYbAPrqEThN0dWI/mo1pdUMMe:fQoIfvxCc64fauA0lhydIo1AfDW
                                                                                                                                                                                                                                                                        MD5:E8DFC0D2D41483C7725E4EBB7E32D324
                                                                                                                                                                                                                                                                        SHA1:B2890C91EFBA390B68E481CD2EE311136B740EDE
                                                                                                                                                                                                                                                                        SHA-256:1172F2D7B1FB34408C8FFC248E3E719922843EA07BD5B409BE3405D1C300B3F7
                                                                                                                                                                                                                                                                        SHA-512:539A1BD18D4753D69756B9B7E6603DD6E7A3F354CA002DECE206F7E2F1E2792704F3D80F38B37C0C41F16A1FD9DE32CC4DD5873959D762C5AA13388715EE7803
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1113504
                                                                                                                                                                                                                                                                        Entropy (8bit):5.932626447270598
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:3+hKmLazchlUT5PzJXmGFYKUeMzkMz7S480UJ+RNdO24a/s0X4G:Uy4n8VWGQdS480U4RN20X4G
                                                                                                                                                                                                                                                                        MD5:CCD151D8EE8ED05AA0E1D9142FD6E438
                                                                                                                                                                                                                                                                        SHA1:8D343BBC1A6F2D5D9ED8813427635696291C8F0D
                                                                                                                                                                                                                                                                        SHA-256:5C929F453DB7F0703BC8F939E39D48C79ECAB9E453918E5D0CD136C8026474CC
                                                                                                                                                                                                                                                                        SHA-512:DCB0B9A9B2908D5D55214F6A261B0A8C08889603CFABC327A7A82387012925BBF486B5C28B5250E9449FF9758748A021023C99EE02B59ABBB7B3C979A06DAEB4
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):26932
                                                                                                                                                                                                                                                                        Entropy (8bit):4.662099291681256
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:cjWBIk+x/vIqk0TkX6sT6AATeINgKP+nHQ41fgcmmItyOQeM9YfWEeHBvo0:ciBJsFkOTeDnLqFXTfleHBvo0
                                                                                                                                                                                                                                                                        MD5:72B6BD92AB82F8774BBBB73C217C57B6
                                                                                                                                                                                                                                                                        SHA1:86D1215F2E127BFFD94F7B7BE6F7C4CE94ACDDA8
                                                                                                                                                                                                                                                                        SHA-256:9B183E7F0356C398CC0A65C4A2D2CD56F2149A8E244264C4D26AC59E9DADA3E8
                                                                                                                                                                                                                                                                        SHA-512:504E32EEBF7F3FDF37BB354F8B32BA9BB0810B490563AC5E8E58EF8BB3844A196706C8A25335E71A3D2E70C1C6C6304A6AEC7A9EFB309E89EEA89F6D9607A437
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.. GNU LESSER GENERAL PUBLIC LICENSE.... Version 2.1, February 1999.... Copyright (C) 1991, 1999 Free Software Foundation, Inc... 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed.....[This is the first released version of the Lesser GPL. It also counts.. as the successor of the GNU Library Public License, version 2, hence.. the version number 2.1.]....... Preamble.... The licenses for most software are designed to take away your..freedom to share and change it. By contrast, the GNU General Public..Licenses are intended to guarantee your freedom to share and change..free software--to make sure the software is free for all its users..... This license, the Lesser General Public License, applies to some..specially designated software packages--typically libraries--of the..Free Software Foundation and other authors who decide to use it. You..can
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2763
                                                                                                                                                                                                                                                                        Entropy (8bit):4.679490275459229
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:wmINs5JslcE338QHFs5DGT93oVFl/9OsmONbs+2y:w7/Tn8QHDonOsJhs+
                                                                                                                                                                                                                                                                        MD5:0006E501494FE7AAC40035AD1E9B84A9
                                                                                                                                                                                                                                                                        SHA1:4D885BAA2024FA1CE2DF99041EC4B0D046549587
                                                                                                                                                                                                                                                                        SHA-256:B8CA96FA5251F2449F47F5E62E5B7C54A0D0DBCA353627D1C67A8B2CC71958E0
                                                                                                                                                                                                                                                                        SHA-512:BFF444F24836B3D85E734F4FE11FFDFD095E4F1386D54E4C934EDD3B9162E6D92BA0939103BDCC3B708D6296B9C268DDD77E4B63322A429DD4782202D754831C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.. Relicensing TinyCC.. ------------------.... The authors listed below hereby confirm their agreement to relicense TinyCC.. including their past contributions under the following terms:...... * Permission is hereby granted, free of charge, to any person obtaining a copy.. * of this software and associated documentation files (the "Software"), to deal.. * in the Software without restriction, including without limitation the rights.. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.. * copies of the Software, and to permit persons to whom the Software is.. * furnished to do so, subject to the following conditions:.. *.. * The above copyright notice and this permission notice shall be included in.. * all copies or substantial portions of the software... *.. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEM
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):119
                                                                                                                                                                                                                                                                        Entropy (8bit):4.371155522109906
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:GACoYQZGhzeF7FEd2NAFNMLAdS4INMLAKQvI+IEQtM0KRvMH:SorZGIF72gNAFNM0deNM0tI+IEQ+0KmH
                                                                                                                                                                                                                                                                        MD5:7C3537668B4B35F486F199AF30768340
                                                                                                                                                                                                                                                                        SHA1:611F489364DF2A1D404022ECFCF6BB028103CC19
                                                                                                                                                                                                                                                                        SHA-256:5F58445C525B6BE19809AA19D69067C1910EDF90A9C56A508571A56EE4CDB5F1
                                                                                                                                                                                                                                                                        SHA-512:FD3EC07B964BB66C604BFB55A7701951E47CCA13D9AC5811F35BE6EFF8C81745A7AB62F3A22393B1D5AF303702943B2FAB7C499BFA6037C8B79396C98A39D27B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:The rest of this project can be found at https://github.com/cheat-engine/cheat-engine/tree/master/Cheat%20Engine/tcclib
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):26932
                                                                                                                                                                                                                                                                        Entropy (8bit):4.662099291681256
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:cjWBIk+x/vIqk0TkX6sT6AATeINgKP+nHQ41fgcmmItyOQeM9YfWEeHBvo0:ciBJsFkOTeDnLqFXTfleHBvo0
                                                                                                                                                                                                                                                                        MD5:72B6BD92AB82F8774BBBB73C217C57B6
                                                                                                                                                                                                                                                                        SHA1:86D1215F2E127BFFD94F7B7BE6F7C4CE94ACDDA8
                                                                                                                                                                                                                                                                        SHA-256:9B183E7F0356C398CC0A65C4A2D2CD56F2149A8E244264C4D26AC59E9DADA3E8
                                                                                                                                                                                                                                                                        SHA-512:504E32EEBF7F3FDF37BB354F8B32BA9BB0810B490563AC5E8E58EF8BB3844A196706C8A25335E71A3D2E70C1C6C6304A6AEC7A9EFB309E89EEA89F6D9607A437
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.. GNU LESSER GENERAL PUBLIC LICENSE.... Version 2.1, February 1999.... Copyright (C) 1991, 1999 Free Software Foundation, Inc... 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed.....[This is the first released version of the Lesser GPL. It also counts.. as the successor of the GNU Library Public License, version 2, hence.. the version number 2.1.]....... Preamble.... The licenses for most software are designed to take away your..freedom to share and change it. By contrast, the GNU General Public..Licenses are intended to guarantee your freedom to share and change..free software--to make sure the software is free for all its users..... This license, the Lesser General Public License, applies to some..specially designated software packages--typically libraries--of the..Free Software Foundation and other authors who decide to use it. You..can
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2763
                                                                                                                                                                                                                                                                        Entropy (8bit):4.679490275459229
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:wmINs5JslcE338QHFs5DGT93oVFl/9OsmONbs+2y:w7/Tn8QHDonOsJhs+
                                                                                                                                                                                                                                                                        MD5:0006E501494FE7AAC40035AD1E9B84A9
                                                                                                                                                                                                                                                                        SHA1:4D885BAA2024FA1CE2DF99041EC4B0D046549587
                                                                                                                                                                                                                                                                        SHA-256:B8CA96FA5251F2449F47F5E62E5B7C54A0D0DBCA353627D1C67A8B2CC71958E0
                                                                                                                                                                                                                                                                        SHA-512:BFF444F24836B3D85E734F4FE11FFDFD095E4F1386D54E4C934EDD3B9162E6D92BA0939103BDCC3B708D6296B9C268DDD77E4B63322A429DD4782202D754831C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.. Relicensing TinyCC.. ------------------.... The authors listed below hereby confirm their agreement to relicense TinyCC.. including their past contributions under the following terms:...... * Permission is hereby granted, free of charge, to any person obtaining a copy.. * of this software and associated documentation files (the "Software"), to deal.. * in the Software without restriction, including without limitation the rights.. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.. * copies of the Software, and to permit persons to whom the Software is.. * furnished to do so, subject to the following conditions:.. *.. * The above copyright notice and this permission notice shall be included in.. * all copies or substantial portions of the software... *.. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEM
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):119
                                                                                                                                                                                                                                                                        Entropy (8bit):4.371155522109906
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:GACoYQZGhzeF7FEd2NAFNMLAdS4INMLAKQvI+IEQtM0KRvMH:SorZGIF72gNAFNM0deNM0tI+IEQ+0KmH
                                                                                                                                                                                                                                                                        MD5:7C3537668B4B35F486F199AF30768340
                                                                                                                                                                                                                                                                        SHA1:611F489364DF2A1D404022ECFCF6BB028103CC19
                                                                                                                                                                                                                                                                        SHA-256:5F58445C525B6BE19809AA19D69067C1910EDF90A9C56A508571A56EE4CDB5F1
                                                                                                                                                                                                                                                                        SHA-512:FD3EC07B964BB66C604BFB55A7701951E47CCA13D9AC5811F35BE6EFF8C81745A7AB62F3A22393B1D5AF303702943B2FAB7C499BFA6037C8B79396C98A39D27B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:The rest of this project can be found at https://github.com/cheat-engine/cheat-engine/tree/master/Cheat%20Engine/tcclib
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):13913
                                                                                                                                                                                                                                                                        Entropy (8bit):5.0625346433631195
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:r19A/cZMTI5yb/KekUbGXiTYli8hcHPHuwGX9Gln4FmgopA:r19i5x/8hEfuTGQCm
                                                                                                                                                                                                                                                                        MD5:BDE9BB4FFF437414B38B1FEB2E8C5A0A
                                                                                                                                                                                                                                                                        SHA1:8CC60A152FA9FAABD63980977F93230AD4462FF2
                                                                                                                                                                                                                                                                        SHA-256:E656129DB32DD84EEB1BCE8CE9E6296943F1920EDB6E9296F67A5986E3C84E6E
                                                                                                                                                                                                                                                                        SHA-512:91653AEDFADA80F62D2906A09671932D9603CA884BC09B5BCE0317A29DF934252C7AC3BF6557399C642F010BE2ADDC90E96EA87EC5F3DC2AFEAD491F1E27BC39
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:/* TCC runtime library. .. Parts of this code are (c) 2002 Fabrice Bellard .... Copyright (C) 1987, 1988, 1992, 1994, 1995 Free Software Foundation, Inc.....This file is free software; you can redistribute it and/or modify it..under the terms of the GNU General Public License as published by the..Free Software Foundation; either version 2, or (at your option) any..later version.....In addition to the permissions in the GNU General Public License, the..Free Software Foundation gives you unlimited permission to link the..compiled version of this file into combinations with other programs,..and to distribute those combinations without any restriction coming..from the use of this file. (The General Public License restrictions..do apply in other respects; for example, they cover modification of..the file, and distribution when not linked into a combine..executable.)....This file is distributed in the hope that it will be useful, but..WITHOUT ANY WARRANTY; without even the implied warra
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):36018
                                                                                                                                                                                                                                                                        Entropy (8bit):7.994007484272608
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:768:9vQvLQOAupOW0bBJ8RkEgh+zhlrKlfaMfToatTCCRFxg4Oaun:9Yv1bpOW0bBJ8goVUsMfcUvzOaun
                                                                                                                                                                                                                                                                        MD5:927EF77EFDA84808C9088632C76843E5
                                                                                                                                                                                                                                                                        SHA1:AA73E4C27F8A00DF4C9B8BD05088D483B5F8FF9B
                                                                                                                                                                                                                                                                        SHA-256:422A2989BABB5E9512C98B3FA24C4F5A0BA9A72C3C71A920C5F979316E1674C7
                                                                                                                                                                                                                                                                        SHA-512:98B6BA444008B5978D65FA83487465D700D6EEE721CE8990F1D2E034945F7650E7031E4B9E18C945FE81C6919E5213750DC4E2D86829988E25A3B237559E90E8
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:InnoSetup Log 64-bit Cheat Engine, version 0x418, 67933 bytes, 124406\37\user\376\, C:\Program Files\Cheat Engine 7.5\376\377\
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):67933
                                                                                                                                                                                                                                                                        Entropy (8bit):3.699313544174163
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:SFKlzYQzqmvyKfZuRKd6Dlbmrgf4JyA3Zekr:SFKlzYQzqmvyuZua
                                                                                                                                                                                                                                                                        MD5:702E7C16E937720744F15806C79B0550
                                                                                                                                                                                                                                                                        SHA1:E7C5776A04FB82334E19F320682FB11A723539B2
                                                                                                                                                                                                                                                                        SHA-256:14F42108C50B6693778CDA3924E77DE351430A0F69746572AEC883055EF60D8A
                                                                                                                                                                                                                                                                        SHA-512:F4BEE8748732A3B2ECB646F09B2EA27000CAC665F60DA20E85537EEF84BE57883F15CA16211631229B3CCDA48C275C887E777925672BD2BF2B442F6940B49BBB
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3223968
                                                                                                                                                                                                                                                                        Entropy (8bit):6.338087367720092
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:49152:vdx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEjT333TYfx:0HDYsqiPRhINnq95FoHVBT333T+
                                                                                                                                                                                                                                                                        MD5:9AA2ACD4C96F8BA03BB6C3EA806D806F
                                                                                                                                                                                                                                                                        SHA1:9752F38CC51314BFD6D9ACB9FB773E90F8EA0E15
                                                                                                                                                                                                                                                                        SHA-256:1B81562FDAEAA1BC22CBAA15C92BAB90A12080519916CFA30C843796021153BB
                                                                                                                                                                                                                                                                        SHA-512:B0A00082C1E37EFBFC2058887DB60DABF6E9606713045F53DB450F16EBAE0296ABFD73A025FFA6A8F2DCB730C69DD407F7889037182CE46C68367F54F4B1DC8D
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:InnoSetup messages, version 6.0.0, 261 messages (UTF-16), Cancel installation
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):24097
                                                                                                                                                                                                                                                                        Entropy (8bit):3.2749730459064845
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:b1EjNSCkf3SCqsTr6CCPanAG1tznL7VF+Iqfc51U5YQDztXfbKJG/Bfvo:b1EK6CHr6fSX+7Q1U5YQDztB/B3o
                                                                                                                                                                                                                                                                        MD5:313D0CC5D1A64D2565E35937991775A6
                                                                                                                                                                                                                                                                        SHA1:B8ACB11878C485865C9E4679248E53B83A8F3AD4
                                                                                                                                                                                                                                                                        SHA-256:5ED0233C0922E9F20307315E24B4F33C3D56AB9F42B2F75AE91E7A27FD313B66
                                                                                                                                                                                                                                                                        SHA-512:7C2DB4A3A4A8DF09F8119A7BA4CA9EBFE562F0A34D431928344E21A5853931EEFBFD910DC4026C6788AC22423BBB125F2B700326D8A1D82B134E2B486C3D0684
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):332704
                                                                                                                                                                                                                                                                        Entropy (8bit):6.512223997122371
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:UokW02RSGoOZQcW2jS95cM0EsZjv8trtH3Vizwy:ZkW02RsOKcWnDdMv8trtX0
                                                                                                                                                                                                                                                                        MD5:E9B5905D495A88ADBC12C811785E72EC
                                                                                                                                                                                                                                                                        SHA1:CA0546646986AAB770C7CF2E723C736777802880
                                                                                                                                                                                                                                                                        SHA-256:3EB9CD27035D4193E32E271778643F3ACB2BA73341D87FD8BB18D99AF3DFFDEA
                                                                                                                                                                                                                                                                        SHA-512:4124180B118149C25F8EA8DBBB2912B4BD56B43F695BF0FF9C6CCC95ADE388F1BE7D440A791D49E4D5C9C350EA113CF65F839A3C47D705533716ACC53DD038F8
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):423328
                                                                                                                                                                                                                                                                        Entropy (8bit):6.077270660749132
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:gLJXTQOQV/MzZTixW5GmL7HOf0ADMTE21gFOpJz:Q+V/M9WWnL7HOf0ADMIuR
                                                                                                                                                                                                                                                                        MD5:8D487547F1664995E8C47EC2CA6D71FE
                                                                                                                                                                                                                                                                        SHA1:D29255653AE831F298A54C6FA142FB64E984E802
                                                                                                                                                                                                                                                                        SHA-256:F50BAF9DC3CD6B925758077EC85708DB2712999B9027CC632F57D1E6C588DF21
                                                                                                                                                                                                                                                                        SHA-512:79C230CFE8907DF9DA92607A2C1ACE0523A36C3A13296CB0265329208EDC453E293D7FBEDBD5410DECF81D20A7FE361FDEBDDADBC1DC63C96130B0BEDF5B1D8A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:DOS/MBR boot sector
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):477184
                                                                                                                                                                                                                                                                        Entropy (8bit):5.927630308859684
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:JEgIgQUO3gqHm5DHLj7S0/Y9kwRofaqcEL5jw/ayKImdyoO:Gg/hEm5DrHE9kwRofaqcEL5jw/ayKImD
                                                                                                                                                                                                                                                                        MD5:036B059F8C1CC9AFF3D010E5446BB16C
                                                                                                                                                                                                                                                                        SHA1:450842B84E2FACE167E2D138E4F96317CB255BB3
                                                                                                                                                                                                                                                                        SHA-256:248F3D48664482090D2C8C01B98518777DED1D900E17ACBC077EFE17258411A6
                                                                                                                                                                                                                                                                        SHA-512:4BA5E167A2E3BFE92D43759642AF7BCDB6F4C9EFA30C0F9DE85D6E9758B62FC7ED89FAFDE48910E4E059080E457E3556D23CB1D59B3062C75F81DB9C59B75657
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):132
                                                                                                                                                                                                                                                                        Entropy (8bit):6.593562490537789
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:O18qyj/0fZMX/ferOk9OWtW2kdT0PgluBKd9cCkAl8F:O10/3er/X1Y4BKtJuF
                                                                                                                                                                                                                                                                        MD5:A4B42FDCA7043792CCC37C611DB21075
                                                                                                                                                                                                                                                                        SHA1:17CBF2EC6ECA6BD0CAF1DA78AF51D9F363151168
                                                                                                                                                                                                                                                                        SHA-256:8B8955524079508FEC59D396A891110660AE2486F24BC8BCBCDBCC975BB49AE7
                                                                                                                                                                                                                                                                        SHA-512:B6877F5B5B88A9B05A85F562D975A8820ACAC3773AA5FB91CEB1DA6C731C90C486A6AAF78DF6EDCF69B0EA74286DC7CC8FA2CBF98453539EFA55EC18D38116BB
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1746376
                                                                                                                                                                                                                                                                        Entropy (8bit):6.547381278876358
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24576:/ETCUSw5C7fKrz3PRAarqzUH3Wj7Bnn6KB2m4JMfGPYTuLycEaU2vWUonrMLIAXg:MTj15CD0RHep6KJ4KqzEl2vWrYIA/W
                                                                                                                                                                                                                                                                        MD5:238C1C3286A94184FAE2C47CB7FB9DB8
                                                                                                                                                                                                                                                                        SHA1:EC4C96DBB342617AFCB728C4D58BDE4EDC0939DC
                                                                                                                                                                                                                                                                        SHA-256:74CCB6F5334248BA7020B9CDDC7D581FC6A3AC5A034489324A1FC134CF21DE6C
                                                                                                                                                                                                                                                                        SHA-512:0042EFB8DF5DD2D6CDE098DFD1A15217C55E8B68776856E354CED3B943C646C77A8A0132EB2A6332D76704F71A475E29F7330177CBFB4C2C4A26FFC4BA004D0E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1746376
                                                                                                                                                                                                                                                                        Entropy (8bit):6.547381278876358
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24576:/ETCUSw5C7fKrz3PRAarqzUH3Wj7Bnn6KB2m4JMfGPYTuLycEaU2vWUonrMLIAXg:MTj15CD0RHep6KJ4KqzEl2vWrYIA/W
                                                                                                                                                                                                                                                                        MD5:238C1C3286A94184FAE2C47CB7FB9DB8
                                                                                                                                                                                                                                                                        SHA1:EC4C96DBB342617AFCB728C4D58BDE4EDC0939DC
                                                                                                                                                                                                                                                                        SHA-256:74CCB6F5334248BA7020B9CDDC7D581FC6A3AC5A034489324A1FC134CF21DE6C
                                                                                                                                                                                                                                                                        SHA-512:0042EFB8DF5DD2D6CDE098DFD1A15217C55E8B68776856E354CED3B943C646C77A8A0132EB2A6332D76704F71A475E29F7330177CBFB4C2C4A26FFC4BA004D0E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):569856
                                                                                                                                                                                                                                                                        Entropy (8bit):6.48863246830026
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:09zpo7FKqmQEPmmo6G1SbhXIBQ22wnEKNy6ZfpTh2jK23L:eUANZPmjR1SbhYBT2wEKN3pmb
                                                                                                                                                                                                                                                                        MD5:AEF51484C41C348E6ECA26EAF36B5E00
                                                                                                                                                                                                                                                                        SHA1:01A37C222BC8EAFDF250953BFD5D0593CEB7AB5A
                                                                                                                                                                                                                                                                        SHA-256:F3E9E0DF553D9DF6650981A0758EDE142A33A889786BBEB586FE7EDC7F9E27EB
                                                                                                                                                                                                                                                                        SHA-512:E7B29E38F516D934617E0C46BC0DB33390E28890867427ADA0989CBB1F1DEBAAE962B3B39D0749BC5273EFF6545B967346D5F72A460D1C07B0FD451AFD58AB65
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):268760
                                                                                                                                                                                                                                                                        Entropy (8bit):6.271440072420579
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:mK+Zk16lasjUumChoTtckp/Ec3SYiAdCksr5CsHLz0hQTplZBXo8PrF5T681kO2y:Rbrdr3S/AdCkA57ghmlZ68rj6euk+hU
                                                                                                                                                                                                                                                                        MD5:B3EA90EA6E9C99965389662F8DB9DC8E
                                                                                                                                                                                                                                                                        SHA1:412685767347F0CB4360787214B28038B1F38278
                                                                                                                                                                                                                                                                        SHA-256:254609EC81013A878306C710ACFD258907E338C32EEB5FDDDB561116DFA65D40
                                                                                                                                                                                                                                                                        SHA-512:B963D9DFE09DB9C8E10CA91CF9504238F478F83BBA5B9B5BC4910725FBF917A1AF791E5FA8407D07E55589C8388C73CD0377405D03C88EEB5BA94A90DC5DF827
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):569856
                                                                                                                                                                                                                                                                        Entropy (8bit):6.48863246830026
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:09zpo7FKqmQEPmmo6G1SbhXIBQ22wnEKNy6ZfpTh2jK23L:eUANZPmjR1SbhYBT2wEKN3pmb
                                                                                                                                                                                                                                                                        MD5:AEF51484C41C348E6ECA26EAF36B5E00
                                                                                                                                                                                                                                                                        SHA1:01A37C222BC8EAFDF250953BFD5D0593CEB7AB5A
                                                                                                                                                                                                                                                                        SHA-256:F3E9E0DF553D9DF6650981A0758EDE142A33A889786BBEB586FE7EDC7F9E27EB
                                                                                                                                                                                                                                                                        SHA-512:E7B29E38F516D934617E0C46BC0DB33390E28890867427ADA0989CBB1F1DEBAAE962B3B39D0749BC5273EFF6545B967346D5F72A460D1C07B0FD451AFD58AB65
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):268760
                                                                                                                                                                                                                                                                        Entropy (8bit):6.271440072420579
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:mK+Zk16lasjUumChoTtckp/Ec3SYiAdCksr5CsHLz0hQTplZBXo8PrF5T681kO2y:Rbrdr3S/AdCkA57ghmlZ68rj6euk+hU
                                                                                                                                                                                                                                                                        MD5:B3EA90EA6E9C99965389662F8DB9DC8E
                                                                                                                                                                                                                                                                        SHA1:412685767347F0CB4360787214B28038B1F38278
                                                                                                                                                                                                                                                                        SHA-256:254609EC81013A878306C710ACFD258907E338C32EEB5FDDDB561116DFA65D40
                                                                                                                                                                                                                                                                        SHA-512:B963D9DFE09DB9C8E10CA91CF9504238F478F83BBA5B9B5BC4910725FBF917A1AF791E5FA8407D07E55589C8388C73CD0377405D03C88EEB5BA94A90DC5DF827
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2130400
                                                                                                                                                                                                                                                                        Entropy (8bit):6.2987957684743945
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:49152:21CydAIdaqDwWXf6J6eFyIfbIwDLk2A/R1UTwyIuZ:21fd7dxinRDLkF/R1zuZ
                                                                                                                                                                                                                                                                        MD5:7A7A9CD081AB016F84249EF4F06493AD
                                                                                                                                                                                                                                                                        SHA1:8DC1BEBFAE34C118FE3810DC9131CBF8CCBD9EDC
                                                                                                                                                                                                                                                                        SHA-256:009681092F6A13C5C28BB3B08EA14BB03BA959F9CE1A53730D069550DA376C48
                                                                                                                                                                                                                                                                        SHA-512:D2B3F302F653741298FB62D237BFC61E1555792AAD73C14395B4DD4B97FE37F745E916B9F586945042B1EDED19C2BC0E9EFD4BE57E44610D465296BD0C544E84
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):344528
                                                                                                                                                                                                                                                                        Entropy (8bit):5.780306640057818
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:yT/zGgy2HzkCwmkfCl00EiwtHgadXIezwnzx7I91DR9J2:y3GL2HzkCwmkfClHbghpINzZmBRa
                                                                                                                                                                                                                                                                        MD5:1473A9CCB67526D4010F1B0F9E6B2977
                                                                                                                                                                                                                                                                        SHA1:7FE8C168E976200CF1562B8E8991245226B16B9A
                                                                                                                                                                                                                                                                        SHA-256:F118FD9D6BA4C36DB3556D1035EFE90E99C00BF879A22ABEBE1DADFDBB3074D7
                                                                                                                                                                                                                                                                        SHA-512:3F459A8C9536B615BBD3B8BFEC9970F432CC72BD3287937F9F915FCBE9B2A13FCB4C45946A1722018F89DB505B418957BD513BD32A64580484D4AC7D3896A551
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1311232
                                                                                                                                                                                                                                                                        Entropy (8bit):5.897658121795144
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:aHnKY5WcmiyfogSknJbjhrbXBbrxaLsBDJbVQAjXwcasznMbDz43X6dmM:aqY5Wcmi4FJbXdsLsBNRQAjgH
                                                                                                                                                                                                                                                                        MD5:C11138204609EA63A3E88B4C8C09B035
                                                                                                                                                                                                                                                                        SHA1:B0829124F7E275B0F341C6AF0FDD3DD5F65667A4
                                                                                                                                                                                                                                                                        SHA-256:60C16C2FAB14B344B8343778DCD6BBFDEE3DFE5F83D1AC8D2E50C6877419EEE4
                                                                                                                                                                                                                                                                        SHA-512:28D9E92498433C1F6EC41893FC17DB76D6CB7A1C565461EB6E67EEBC2B924DD4AA65486C29874CAA9AC5C78F804A8799C7CE1C641DD9F080BF1BF94B58CA208C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................"........d......e.....f......e......a......b......g....Rich...........PE..d.....OT.........." ................@I.......................................p............`.........................................@...g!......(....0.......@..............P..8....+..8...........................0>..p...........8................................text............................... ..`.rdata....... ......................@..@.data....q.......D..................@....pdata.......@......................@..@.idata..X...........................@....rsrc........0......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1311232
                                                                                                                                                                                                                                                                        Entropy (8bit):5.897658121795144
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:aHnKY5WcmiyfogSknJbjhrbXBbrxaLsBDJbVQAjXwcasznMbDz43X6dmM:aqY5Wcmi4FJbXdsLsBNRQAjgH
                                                                                                                                                                                                                                                                        MD5:C11138204609EA63A3E88B4C8C09B035
                                                                                                                                                                                                                                                                        SHA1:B0829124F7E275B0F341C6AF0FDD3DD5F65667A4
                                                                                                                                                                                                                                                                        SHA-256:60C16C2FAB14B344B8343778DCD6BBFDEE3DFE5F83D1AC8D2E50C6877419EEE4
                                                                                                                                                                                                                                                                        SHA-512:28D9E92498433C1F6EC41893FC17DB76D6CB7A1C565461EB6E67EEBC2B924DD4AA65486C29874CAA9AC5C78F804A8799C7CE1C641DD9F080BF1BF94B58CA208C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................"........d......e.....f......e......a......b......g....Rich...........PE..d.....OT.........." ................@I.......................................p............`.........................................@...g!......(....0.......@..............P..8....+..8...........................0>..p...........8................................text............................... ..`.rdata....... ......................@..@.data....q.......D..................@....pdata.......@......................@..@.idata..X...........................@....rsrc........0......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):344528
                                                                                                                                                                                                                                                                        Entropy (8bit):5.780306640057818
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:yT/zGgy2HzkCwmkfCl00EiwtHgadXIezwnzx7I91DR9J2:y3GL2HzkCwmkfClHbghpINzZmBRa
                                                                                                                                                                                                                                                                        MD5:1473A9CCB67526D4010F1B0F9E6B2977
                                                                                                                                                                                                                                                                        SHA1:7FE8C168E976200CF1562B8E8991245226B16B9A
                                                                                                                                                                                                                                                                        SHA-256:F118FD9D6BA4C36DB3556D1035EFE90E99C00BF879A22ABEBE1DADFDBB3074D7
                                                                                                                                                                                                                                                                        SHA-512:3F459A8C9536B615BBD3B8BFEC9970F432CC72BD3287937F9F915FCBE9B2A13FCB4C45946A1722018F89DB505B418957BD513BD32A64580484D4AC7D3896A551
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):268704
                                                                                                                                                                                                                                                                        Entropy (8bit):5.837891086948313
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:0drkqKo/nt7PrwnoK0M6EZgugEkkoSE5O7Z3LLr:6rkm9mP6EZgugEnoSE5OB
                                                                                                                                                                                                                                                                        MD5:9A4D1B5154194EA0C42EFEBEB73F318F
                                                                                                                                                                                                                                                                        SHA1:220F8AF8B91D3C7B64140CBB5D9337D7ED277EDB
                                                                                                                                                                                                                                                                        SHA-256:2F3214F799B0F0A2F3955DBDC64C7E7C0E216F1A09D2C1AD5D0A99921782E363
                                                                                                                                                                                                                                                                        SHA-512:6EEF3254FC24079751FC8C38DDA9A8E44840E5A4DF1FF5ADF076E4BE87127075A7FEA59BA7EF9B901AAF10EB64F881FC8FB306C2625140169665DD3991E5C25B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):206232
                                                                                                                                                                                                                                                                        Entropy (8bit):6.577803539808585
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:ZyuXZus0fJ34+UZQ5IvR2diworEdVpRmY:nXZgV4dkIJfrEdVt
                                                                                                                                                                                                                                                                        MD5:DE625AF5CF4822DB08035CC897F0B9F2
                                                                                                                                                                                                                                                                        SHA1:4440B060C1FA070EB5D61EA9AADDA11E4120D325
                                                                                                                                                                                                                                                                        SHA-256:3CDB85EE83EF12802EFDFC9314E863D4696BE70530B31E7958C185FC4D6A9B38
                                                                                                                                                                                                                                                                        SHA-512:19B22F43441E8BC72507BE850A8154321C20B7351669D15AF726145C0D34805C7DF58F9DC64A29272A4811268308E503E9840F06E51CCDCB33AFD61258339099
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):271256
                                                                                                                                                                                                                                                                        Entropy (8bit):6.040002515360521
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:XcxPVJy83/NkY56owwouBQGsyTfkaiX6P0a:XkPV483FB56wsyTfkOJ
                                                                                                                                                                                                                                                                        MD5:F9C562B838A3C0620FB6EE46B20B554C
                                                                                                                                                                                                                                                                        SHA1:5095F54BE57622730698B5C92C61B124DFB3B944
                                                                                                                                                                                                                                                                        SHA-256:E08B035D0A894D8BEA64E67B1ED0BCE27567D417EAAA133E8B231F8A939E581D
                                                                                                                                                                                                                                                                        SHA-512:A20BC9A442C698C264FEF82AA743D9F3873227D7D55CB908E282FA1F5DCFF6B40C5B9CA7802576EF2F5A753FD1C534E9BE69464B29AF8EFEC8B019814B875296
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2366456
                                                                                                                                                                                                                                                                        Entropy (8bit):7.412019243226958
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:49152:UfH6zTpzzrjEEiNjbBnfnsKm8Igo+tDO6admDTDj:A6nxbqFnIdmS50PDj
                                                                                                                                                                                                                                                                        MD5:6613E98A6EFF88810424C120EA6901E8
                                                                                                                                                                                                                                                                        SHA1:DEF8283DC3BE0ED2A294B39811275B07A509C96F
                                                                                                                                                                                                                                                                        SHA-256:2DEF27D493717A7EA38A7565DB03F50215763B8CFE05E821B358D61DF2E95185
                                                                                                                                                                                                                                                                        SHA-512:A4C6D2DF297B0DB94B1F966D6B62935A72E0C2E1EE6EF7D42DE2C705F7A648BF47A1E5EE5037BC35B53F327B2F0CBBF36BD526B8BA4921B031FBD2290CD7B257
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                        Size (bytes):814440
                                                                                                                                                                                                                                                                        Entropy (8bit):6.475738224302649
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:LkaJoYf9Z+uUMidkp22We0cRxoJy5DPbTtsqq5dlgM7qcNmP1bGq06ZIEUKth1OH:JJll87GY2q61llaOZBjKt5qq4i
                                                                                                                                                                                                                                                                        MD5:CC7167823D2D6D25E121FC437AE6A596
                                                                                                                                                                                                                                                                        SHA1:559C334CD3986879947653B7B37E139E0C3C6262
                                                                                                                                                                                                                                                                        SHA-256:6138D9EA038014B293DAC1C8FDE8C0D051C0435C72CD6E7DF08B2F095B27D916
                                                                                                                                                                                                                                                                        SHA-512:D4945C528E4687AF03B40C27F29B3CBF1A8D1DAF0EE7DE10CD0CB19288B7BC47FAE979E1462B3FA03692BF67DA51AB6FA562EB0E30B73E55828F3735BBFFFA48
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):332568
                                                                                                                                                                                                                                                                        Entropy (8bit):5.000961772420698
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:sbjak9Kn0bnccfHyeL+FRexTh6z6ryBLqB9fbUD6y9lvQzJLEX48:GdKn0bnfPjL1xTh6zub1QD3leLEI8
                                                                                                                                                                                                                                                                        MD5:8157D03D4CD74D7DF9F49555A04F4272
                                                                                                                                                                                                                                                                        SHA1:EAE3DAD1A3794C884FAE0D92B101F55393153F4E
                                                                                                                                                                                                                                                                        SHA-256:CDF775B4D83864B071DBCFEED6D5DA930A9F065919D195BB801B6FFAF9645B74
                                                                                                                                                                                                                                                                        SHA-512:64A764068810A49A8D3191BC534CD6D7031E636AE306D2204AF478B35D102012D8C7E502ED31AF88280689012DC8E6AFD3F7B2A1FE1E25DA6142388713B67FA7
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Reputation:unknown
Preview:[binary PE image data; readable strings: "!This program cannot be run in DOS mode.", section names .text, .rdata, .data, .pdata, _RDATA, .rsrc, .reloc]
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):212
                                                                                                                                                                                                                                                                        Entropy (8bit):5.130579665409532
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:rtRVb3XbMk2JM0RG0DKhSi1tRVb3RAslwZVjwOrADGq:ZRVrQk2JTDFiHRVrRAjrjhroZ
                                                                                                                                                                                                                                                                        MD5:65C75BA77E3774092204A5D7A34186F4
                                                                                                                                                                                                                                                                        SHA1:20C58CDAF7ABD9CDA43AF4731467E2F6368FBC63
                                                                                                                                                                                                                                                                        SHA-256:4DA3AF39EE79FA31BB009F1C218AFEAE6C9F9EA8582ADDC6ED229EA7919AC5A6
                                                                                                                                                                                                                                                                        SHA-512:980EA3DD1298CCA9FF4A7EBA1D4C01E45FAB500493437C6789CA60FB326C5522F46EE99D4E7B3BB15D2A813FD5071596BA3E48D1A5AF1D50DC59911D44B2AA78
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:[ERR][20240727 19:48:28.705][ProcessUtils.cpp@210]: Failed to get executable filename for process with id 2644. Error 31..[ERR][20240727 19:48:46.765][HttpsDownloadFile.cpp@200]: Unable to open HTTP transaction..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Jul 27 21:25:12 2024, mtime=Sat Jul 27 21:25:13 2024, atime=Wed Feb 8 15:45:06 2023, length=12807608, window=hide
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):969
                                                                                                                                                                                                                                                                        Entropy (8bit):4.540302587048125
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:8mEhsVRYXoTh9g+dpF4AyKTP6LmAjAozqsAtbdpMZLibdpMV7xkx0mV:8mPdeKTP6iUArhxd2ydQBm
                                                                                                                                                                                                                                                                        MD5:B1E30859B5ECB23340743F1A5BF8B895
                                                                                                                                                                                                                                                                        SHA1:1CCBDAB978DBFA97706413B70138464030E68A1A
                                                                                                                                                                                                                                                                        SHA-256:F4626216F831C702F8C6A27C5B8FF256BCF6ED88EB6A82E0B68FF4978469685C
                                                                                                                                                                                                                                                                        SHA-512:FE43A9D646EF1B3D206E70DDA22663D6FDD5AEEBC996DB24B6C9AB55B0CD5384A343A97CF430B426FEFE759391ABFAC28D106A4567FE479B50A8CF28A66E67A3
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
Preview:[binary shortcut (.lnk) data; readable path: C:\Program Files\Cheat Engine 7.5\cheatengine-i386.exe]
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Jul 27 21:25:14 2024, mtime=Sat Jul 27 21:25:15 2024, atime=Wed Feb 8 15:45:12 2023, length=16708024, window=hide
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1029
                                                                                                                                                                                                                                                                        Entropy (8bit):4.5663929841657955
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:8miKpNRYXoTh9g+dpF4AyKTq8Uq8UUNZrXAjAkzqsA7YbdpM8UNZrhbdpMVVM0mV:8mvdeKTcwgrEAkuh7Md5grtdQxm
                                                                                                                                                                                                                                                                        MD5:EB2EA14B8018DDCAE424EC9580ADF0EA
                                                                                                                                                                                                                                                                        SHA1:7DC08D02DC4795BE316240E8400A96E5BAF230F4
                                                                                                                                                                                                                                                                        SHA-256:D3FA9E73B9F9A12A2EAA55F285909514A86686B48036F32116920686192875B0
                                                                                                                                                                                                                                                                        SHA-512:E44659123E48F6B699B9958DD532DABE6EA4882D167708661F6E0053592246C13999F1FA6670509317F0C3EF1109BA79547146B1795939B518E54E52B80D0F41
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
Preview:[binary shortcut (.lnk) data; readable path: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe]
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Jul 27 21:25:13 2024, mtime=Sat Jul 27 21:25:14 2024, atime=Wed Feb 8 15:45:10 2023, length=16718264, window=hide
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):979
                                                                                                                                                                                                                                                                        Entropy (8bit):4.561592372184533
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:8mAlD0s0YXoTh9g+dpF4AyKTzBvzK2RksOjA2qsA7dybdpM8ObdpMV+Q6VQ60mV:8mAlDh8deKTRmfsyAJh78d5KdQ9Jdm
                                                                                                                                                                                                                                                                        MD5:B5ABDF7053C6B1BEFC7D0908675AE15E
                                                                                                                                                                                                                                                                        SHA1:A2EF0B7BFC9DFF33D69A90FABE750CD26859F888
                                                                                                                                                                                                                                                                        SHA-256:E6484851F6C286270620F3B3064B7AB3344101505914FBEEC664CC0509075EB0
                                                                                                                                                                                                                                                                        SHA-512:DC0A2E3506AB8D0C475528D70D727039C4E1922134D0DEA9B5C6C81B76ED3205198D79EB6601B5A7E91081BF6B2E49407ADB95DF5B1E8CFFC589F5C4DFFBBF18
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
Preview:[binary shortcut (.lnk) data; readable path: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe]
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Jul 27 21:25:21 2024, mtime=Sat Jul 27 21:25:21 2024, atime=Fri Apr 21 14:00:10 2017, length=306758, window=hide
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):944
                                                                                                                                                                                                                                                                        Entropy (8bit):4.513377715709612
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:8mxEZYXoTh9g+dpF4AyKTChlawjA2EqMMFbdpMwuTbdpMVh6i60mV:8mxMdeKTIdAYBdsPdQZm
                                                                                                                                                                                                                                                                        MD5:A2F0BA8C888D77F2E8A01933189AEB2A
                                                                                                                                                                                                                                                                        SHA1:E2C88CAD2833B4337FDFE0CE8414549D35398E9E
                                                                                                                                                                                                                                                                        SHA-256:EAC19B1293FC6C922622B2C3F495D3F42FE3AE9FF52F853476AB08929BE535F3
                                                                                                                                                                                                                                                                        SHA-512:7BB4016861D093F461C84A5ED1A5AB7E240EF4EE3F722DEC0605E2C066E9A68E0900079F16B2D78A324936D406AD55F786BA211CCBEC8807A5BD934E73022ECE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
Preview:[binary shortcut (.lnk) data; readable path: C:\Program Files\Cheat Engine 7.5\CheatEngine.chm]
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Jul 27 21:25:21 2024, mtime=Sat Jul 27 21:25:21 2024, atime=Fri Sep 30 18:38:22 2022, length=3403192, window=hide
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):964
                                                                                                                                                                                                                                                                        Entropy (8bit):4.582833149506714
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:8mv8rshYXoTh9g+dpF4AyKTL7B2jA5q0gwbdpMJBObdpMVuf0mV:8mEodeKTBKAs0pdeKdQBm
                                                                                                                                                                                                                                                                        MD5:78B14123DA526531B2019420AAD7E34B
                                                                                                                                                                                                                                                                        SHA1:E02491EA89B1F919A0908FCCD6994AD2EDCD7930
                                                                                                                                                                                                                                                                        SHA-256:610EE76944E2E979C402F03EB3BA18C2310C57B5FEED48717D539985FD3B8411
                                                                                                                                                                                                                                                                        SHA-512:9B6C274C7F1E4771915E463A76C1673CC5A01EBDB16A2C695884A0CB5800AD7F1301918FC5EF8924CA9522E482C75D10086BAE252934A2644FC0D16E00CEC873
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):665
                                                                                                                                                                                                                                                                        Entropy (8bit):2.989929398381464
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:4xtCl0Xw0Ml//A9LY/dlrtelX8SKA89NTNAm6tibdlrMAe8mAm6ebdlrMAe8w:8wl0g0kXXdpUfKfBNAsbdpMJAibdpMV
                                                                                                                                                                                                                                                                        MD5:9CECB30EE563CEF0187E17C153C87AD2
                                                                                                                                                                                                                                                                        SHA1:35A124D70C992855C8AABAFD25A99520D2CE5BE6
                                                                                                                                                                                                                                                                        SHA-256:BF93799CD75A79868A1B5834D55644500110270F77529512824E2F9F1F605C06
                                                                                                                                                                                                                                                                        SHA-512:23ECD43901FED7827AAB04B4A4C55D0FEFD2EB39DA29A32EC0D031D9F116C61ABC3199CA38D949A44F3EF6DF774F071C0B2349B57413F92704D7C6031421B52D
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Jul 27 21:25:12 2024, mtime=Sat Jul 27 21:25:12 2024, atime=Fri Sep 30 18:37:02 2022, length=399264, window=hide
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):949
                                                                                                                                                                                                                                                                        Entropy (8bit):4.505232463981952
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:8mW8p9C40YXoTh9g+dpF4AyKTcdDg0zKF7TjEjA8qMiYbdpMwkbdpMVir0mV:8mWoN8deKTyK5QAnWdidQxm
                                                                                                                                                                                                                                                                        MD5:32368C1DA382388F6BB12284687F5828
                                                                                                                                                                                                                                                                        SHA1:0C5F15C69294DF410CBBD9079A10F7DF656643CA
                                                                                                                                                                                                                                                                        SHA-256:DA87B38FE1DA297C2A28728153D0CD8D1F5D972F76B2C646A1038D2E29A355D8
                                                                                                                                                                                                                                                                        SHA-512:8B5ABD21F6645D7BC5AA15C6B046FB4FD59F8470BD0E28787F1348BA686AFF417FE07957B5BF6621D27E1B37F2F6EA85F8D37A9CB07B82999BECDA4B0341B330
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Jul 27 21:25:19 2024, mtime=Sat Jul 27 21:25:19 2024, atime=Wed Jan 25 17:19:40 2023, length=242616, window=hide
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):995
                                                                                                                                                                                                                                                                        Entropy (8bit):4.530145891416181
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:8mhR4HYXoTh9g+dpF4AyKTylxeAjAEq/FbdpMcmbdpMVeb1b0mV:8mhRCdeKTyjhAf/pdZCdQ5m
                                                                                                                                                                                                                                                                        MD5:659684D37D6D00F09090CC2C13134BA9
                                                                                                                                                                                                                                                                        SHA1:9AD758C3664EAA9C5C91EBE4BE1179B068041C59
                                                                                                                                                                                                                                                                        SHA-256:AC97F6C4FA2DE6CA2310D35CFAE9D1444C9DDF632534877EB3F1041DA707FF8B
                                                                                                                                                                                                                                                                        SHA-512:2A6B39B073BA1C96674426232493E4CD1B2DCA9769E8CAF1CE99B2757E8EE624C0366B76019E1066E6F3D18F37F454ADC3DF406884978C3920698AC91D24C93C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Has command line arguments, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):822
                                                                                                                                                                                                                                                                        Entropy (8bit):3.3455528192085535
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:8Ql0M0m/3BVSXz5dlsW+fy9+B0bdpM6iNL4t2YZ/elFlSJm:8AJ/Bql+fW+GdK5qy
                                                                                                                                                                                                                                                                        MD5:043CCC4692426220B9446A0EC57866AD
                                                                                                                                                                                                                                                                        SHA1:CAA088A5E8C3C54FD5E6FA619D881FDC72FF42D9
                                                                                                                                                                                                                                                                        SHA-256:40CDBB79FD47554E716C2BD47A48BA4401F0C93BF73AFC6F4F21EB891DAC8D92
                                                                                                                                                                                                                                                                        SHA-512:388E78F675605282E8471CABFA0390AC74979446EB04E7F7F552F7AB3C6911FC59141933CD46F2DE136E68056D6751C647FF4C8559502ED60B9F1586F6F710F5
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Jul 27 21:25:19 2024, mtime=Sat Jul 27 21:25:19 2024, atime=Fri Feb 3 03:35:32 2023, length=309664, window=hide
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):939
                                                                                                                                                                                                                                                                        Entropy (8bit):4.53287798896582
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:8m228GzZcBRYXoTh9g+dpF4AyKTt56lctYjAOqSaDebdpM3bdpMVAsds0mV:8mp9KHdeKTt7yAxb6dEdQAKLm
                                                                                                                                                                                                                                                                        MD5:A8C6E5CA78CD50C2827E26BE70572D3A
                                                                                                                                                                                                                                                                        SHA1:799CA60DCF57D6FE6892F25052FC2BC5891EEACA
                                                                                                                                                                                                                                                                        SHA-256:5EA5A4421332662D78B132B5704CD91562A1E8F0702654752E61F046C05F9E75
                                                                                                                                                                                                                                                                        SHA-512:3C8CF1EDAD2F29D2AB5AB9732899625D1D45D25612D58F04BC55CCA40BC9AC9770F97EE687D394D70C28F8827813E09B7AF4B0DB008DCB18935D11B8F9C14356
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Jul 27 21:25:12 2024, mtime=Sat Jul 27 21:25:12 2024, atime=Sat Jul 27 21:25:08 2024, length=3223968, window=hide
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):929
                                                                                                                                                                                                                                                                        Entropy (8bit):4.545855879802382
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:8mReIa6PYXoTh9g+dpF4AyKTNY9lHoAjAwqZkbdpMUwbdpMVop0mV:8mRMQdeKTu9lHoUATedjEdQ5m
                                                                                                                                                                                                                                                                        MD5:62FA2374FC7F5064A51F946C68E919F1
                                                                                                                                                                                                                                                                        SHA1:3E81026C8730F62E67A3280ACD43A00B296C6746
                                                                                                                                                                                                                                                                        SHA-256:2E573CD877E1C338D7D47B047A150BD017550DAD74B4ED437E65CEACEF8EE85D
                                                                                                                                                                                                                                                                        SHA-512:8AE425B57A0B0F7A8A92153EBD2F8C10F6BCFB47480140A7F1B0311FEFD115B329D77DC38A8EAB7B291E1745EC73750B5B970630C8136CAEE4DA18EFEB853779
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:L..................F.... ...>Z..s...>Z..s.......s....11..........................P.O. .:i.....+00.../C:\.....................1......X&...PROGRA~1..t......O.I.X&.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....l.1......X,...CHEATE~1.5..R.......X&..X,.....-?........................C.h.e.a.t. .E.n.g.i.n.e. .7...5.....f.2..11..X%. .unins000.exe..J.......X'..X'...../?.......................u.n.i.n.s.0.0.0...e.x.e.......]...............-.......\............+.).....C:\Program Files\Cheat Engine 7.5\unins000.exe..=.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.h.e.a.t. .E.n.g.i.n.e. .7...5.\.u.n.i.n.s.0.0.0...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.h.e.a.t. .E.n.g.i.n.e. .7...5.`.......X.......124406...........hT..CrF.f4... ...a.gL...,...E...hT..CrF.f4... ...a.gL...,...E..E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe
                                                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):71954
                                                                                                                                                                                                                                                                        Entropy (8bit):7.996617769952133
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                                                                                                                                                                                                        MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                                                                                                                                                                                        SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                                                                                                                                                                                        SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                                                                                                                                                                                        SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe
                                                                                                                                                                                                                                                                        File Type:Certificate, Version=3
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1398
                                                                                                                                                                                                                                                                        Entropy (8bit):7.676048742462893
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:ujsZPSIPSUcnA3/46giyfV4Hxk7P3Gus6acCQ4CXmW5mOgs:ujul2nQ4XfVkk7P3g6dB42mVs
                                                                                                                                                                                                                                                                        MD5:E94FB54871208C00DF70F708AC47085B
                                                                                                                                                                                                                                                                        SHA1:4EFC31460C619ECAE59C1BCE2C008036D94C84B8
                                                                                                                                                                                                                                                                        SHA-256:7B9D553E1C92CB6E8803E137F4F287D4363757F5D44B37D52F9FCA22FB97DF86
                                                                                                                                                                                                                                                                        SHA-512:2E15B76E16264ABB9F5EF417752A1CBB75F29C11F96AC7D73793172BD0864DB65F2D2B7BE0F16BBBE686068F0C368815525F1E39DB5A0D6CA3AB18BE6923B898
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                        Size (bytes):328
                                                                                                                                                                                                                                                                        Entropy (8bit):3.216651982877417
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:kK9Ul9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:2MDImsLNkPlE99SNxAhUe/3
                                                                                                                                                                                                                                                                        MD5:8A00C6B60D1FA9C25F50FCF540B2FA10
                                                                                                                                                                                                                                                                        SHA1:2CB37E75C0A472D2B46BE4D5EE058AC62C484FD1
                                                                                                                                                                                                                                                                        SHA-256:2408970D3B89D9D1279571CE6D5BBB8996DEFD7491983C28C7F91AB6D378653C
                                                                                                                                                                                                                                                                        SHA-512:D8C1F44EC93BB68214A25CC12EA1AEE07C7E7A197CA7731F22DBFBBF099BBE0D7D66AD29317C6A18AE9DA0ADE2FB5F0DECFF2D6F4F18885011D4171483AD0F55
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:p...... ........~...s...(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):264
                                                                                                                                                                                                                                                                        Entropy (8bit):3.0808664722637795
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:kKDp5WFkYGhipWhliK8al0GQcmqe3KQjMIXIXL/:jYkYGIWzyZ3qe3KQjxXIT
                                                                                                                                                                                                                                                                        MD5:6FF0AE3D3BE0A0247947DE90A7844773
                                                                                                                                                                                                                                                                        SHA1:06961BBEA6D0FCA8734F6049E77D4887D7BF5DBB
                                                                                                                                                                                                                                                                        SHA-256:61994E442D66501ADF2AB94674F489EBF4C1EC94C6E77351E1C7CEFDB0FC7135
                                                                                                                                                                                                                                                                        SHA-512:0921CA6644D4D4F4D5A975CBC4025140D5916F4137A8547123BB5378259B087BE3AD6125D25ABF15EED140D22664F87BF6B03FD81DD2539C16823686194533A1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:p...... ....v...1.n.s...(....................................................... ...............(.............v...h.t.t.p.:././.s.e.c.u.r.e...g.l.o.b.a.l.s.i.g.n...c.o.m./.c.a.c.e.r.t./.c.o.d.e.s.i.g.n.i.n.g.r.o.o.t.r.4.5...c.r.t...".6.2.f.a.4.8.4.5.-.5.7.6."...
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exe
                                                                                                                                                                                                                                                                        File Type:CSV text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):425
                                                                                                                                                                                                                                                                        Entropy (8bit):5.357964438493834
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6Khav:ML9E4KQwKDE4KGKZI6Khk
                                                                                                                                                                                                                                                                        MD5:D8F8A79B5C09FCB6F44E8CFFF11BF7CA
                                                                                                                                                                                                                                                                        SHA1:669AFE705130C81BFEFECD7CC216E6E10E72CB81
                                                                                                                                                                                                                                                                        SHA-256:91B010B5C9F022F3449F161425F757B276021F63B024E8D8ED05476509A6D406
                                                                                                                                                                                                                                                                        SHA-512:C95CB5FC32843F555EFA7CCA5758B115ACFA365A6EEB3333633A61CA50A90FEFAB9B554C3776FFFEA860FEF4BF47A6103AFECF3654C780287158E2DBB8137767
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):158512
                                                                                                                                                                                                                                                                        Entropy (8bit):6.366328902517048
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:ixAyrpDDw+Quvmsd3xsVjxlppyYlDB5sqnjJHSGzj2:aAWDUuvmsd3GnjpyYlt5pa
                                                                                                                                                                                                                                                                        MD5:C70238BD9FB1A0B38F50A30BE7623EB7
                                                                                                                                                                                                                                                                        SHA1:17B1452D783ED9FAE8FF00F1290498C397810D45
                                                                                                                                                                                                                                                                        SHA-256:88FB2446D4EAC42A41036354006AFADFCA5ACD38A0811110F7337DC5EC434884
                                                                                                                                                                                                                                                                        SHA-512:DD77E5C5CF0BF76BA480EB4682C965D0030171A7B7A165A6D1C3BA49895BC13388D17DDBB0FE3AC5D47B3D7D8110942C0D5B40E2FE3DF0A022E051696EC4FEB6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):349024
                                                                                                                                                                                                                                                                        Entropy (8bit):6.20930916625922
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:n1sSJApTSnQU/x0ImhuDzHfs4zbYOjujDRfygDgKQINXLLHIaKlay8weCycJ5DfT:n1sSmRIt/xhtsOju1DH5NXnIKAci
                                                                                                                                                                                                                                                                        MD5:87D7FB0770406BC9B4DC292FA9E1E116
                                                                                                                                                                                                                                                                        SHA1:6C2D9D5E290DF29CF4D95A4564DA541489A92511
                                                                                                                                                                                                                                                                        SHA-256:AAEB1EACBDAEB5425FD4B5C28CE2FD3714F065756664FA9F812AFDC367FBBB46
                                                                                                                                                                                                                                                                        SHA-512:25F7C875899C1F0B67F1ECEE82FE436B54C9A615F3E26A6BEC6233EB37F27CA09AE5CE7CF3DF9C3902207E1D5DDD394BE21A7B20608ADB0F730128BE978BEC9B
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):370744
                                                                                                                                                                                                                                                                        Entropy (8bit):6.1104091244570675
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:VruNWxFaLx73+nRo2GGmZ2CRGpAM3JUGuT5up6zOPLyU0SJFNFaFeFOFwcGF6cmt:INWx6xz+nRo2GGWHQZMaLyJSJFNFaFeo
                                                                                                                                                                                                                                                                        MD5:FFBB71041C9A01DA9EA90BDD4C0096A2
                                                                                                                                                                                                                                                                        SHA1:D4E9E5B70B356489F1C6EEFCCD58B343F9D79E44
                                                                                                                                                                                                                                                                        SHA-256:178570575291B95C767BA304D71C5310A94E93B6C1F673B9179D41A75A48D0E8
                                                                                                                                                                                                                                                                        SHA-512:AE7926C6CE85464B66FD73C1FE046F51DEE1739DD7476C8FBAC39D8479E7F8CB891C216DDBB160E5CECF828EFDEB2BF1C10A630BA57ADCF302AA7A2D83CC9728
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):75800
                                                                                                                                                                                                                                                                        Entropy (8bit):6.026203256069962
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:r784YWau8lqubx6WxXLA+o2SLFyEdux136ytgHo0AuresehSAA7sxR:r7NV8v36tI0XCKAAy
                                                                                                                                                                                                                                                                        MD5:F34410B23B973CE915C40345C96DD82D
                                                                                                                                                                                                                                                                        SHA1:57B1D2DD6600CBCC64062549A925A4548CF9A47C
                                                                                                                                                                                                                                                                        SHA-256:E461CD2F7700FD28A3869D7C65F805058E0C30D44D9BCAF390ADF1896548B0D3
                                                                                                                                                                                                                                                                        SHA-512:CAE7D1CDFC68CE705D6292BE1A60C074F1E5B56E58D1558C958FC1022465626669D38CDE891152247C8877985C63A4806A4F0F82664E40F3AE173BF2B1280702
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.881485510441517
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:LIY1pQ8vGO4xToxMi5eX2zUA8rYgLIgPrEyz23tMuuVWJkYUECd1Vl7Iru+M3YV+:L3pQ8vQToxMi5emzUA8rYgLIOrnz8uu0
                                                                                                                                                                                                                                                                        MD5:999C5174344E3AF9CCD1E17299448E76
                                                                                                                                                                                                                                                                        SHA1:B66455DEB863B0A928D4E55ACD886E3C16506DE6
                                                                                                                                                                                                                                                                        SHA-256:0748A7D73F44ACDC027ABF5177DA04DD69D773299138EA0B25D3DBE4C00AD4A0
                                                                                                                                                                                                                                                                        SHA-512:E4F0C9C443070BBE348BA142FFB28631D4B86CA9D4DC1AA18E0711650CF063F590E2383A54C693ECA4CBA57EEC946BB5DFD2FFEA45820682D2C49DBC3ACFF612
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.746338816012684
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:IIYRN3EsGGj3fvKEx8rUrb+M0lIVixNPqDGomU3WUeQoXjAUwMXrAfeMA7AWmBHt:IXN3EsVfvVx8rUrb+M0lIVixNqiomyJZ
                                                                                                                                                                                                                                                                        MD5:C2819AE6DB238F0D9FDD865347819A40
                                                                                                                                                                                                                                                                        SHA1:35F19D2AEC295FD7F98CE039DA95A0A556517B2B
                                                                                                                                                                                                                                                                        SHA-256:DA090057B5388EF09CA5F6E72C729F0330FC3CC0352E2EE704982E979DC4E1F1
                                                                                                                                                                                                                                                                        SHA-512:FD015CE397D556A669B1D83CFE82400998B7484A1F50D8683AF80EDC1533784196DF9092EDB4F6E727C45DF8B8430745DED57F154833626CEE7C778883074385
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12800
                                                                                                                                                                                                                                                                        Entropy (8bit):4.758461459269092
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:l5rayxOPAxMtzTxCmf6hC/s2TvOFk6AOPh3+yFdmyndC58i:2PAKtnHOdvPhO2dmyndC58i
                                                                                                                                                                                                                                                                        MD5:63DB7F10882D9A963496A27CE65A6F35
                                                                                                                                                                                                                                                                        SHA1:DED19C471C9139479F25FB5B5B42C48163491763
                                                                                                                                                                                                                                                                        SHA-256:50A5AF3023A6BE366350730D9962DA94DACA926CFB5F9C5C3EF04C5AB5A06103
                                                                                                                                                                                                                                                                        SHA-512:04E7A081CC7814C93E10A7D21768F864026B2DF6FB58D3D67CDBE8D643B7497B6FBFC2064A75F8CA8C6147E12A04A9CE2E9E492CE7906EE0EDA6E71A2690D51F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9728
                                                                                                                                                                                                                                                                        Entropy (8bit):4.557060180794725
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:0MiWWNv/jzSENtqcadVl8PandjJUf7ZJSqSi/ufP/1S5rxg0XWr:0D1Nvb5adVl8P2djJMZJSGu3A5rxg0Xq
                                                                                                                                                                                                                                                                        MD5:F83D720B236576C7D1F9F55D3BB988F9
                                                                                                                                                                                                                                                                        SHA1:105A4993E92646B5DBB50518187ABE07CA473276
                                                                                                                                                                                                                                                                        SHA-256:6909A1C134D0285FBA2422A40EA0E65C1F0CA3C3EF2B94A1166015AF2A87780F
                                                                                                                                                                                                                                                                        SHA-512:FD8A464F2BC9D5B6C2EFA80348C3A9362F7473D4D632B2ADDAD8C272E8874E7E67C15B99B67E6515906B86D01D57CD42F9F0F1E9251C0AF93A9391CCC30E3202
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):15360
                                                                                                                                                                                                                                                                        Entropy (8bit):4.982978904707212
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:EnpUcW/WJsxvxwKW9iu6Wxtp701zA27r+PMvozT958I:yJs5xEGzfOPMvMx58I
                                                                                                                                                                                                                                                                        MD5:765162C01B6A1D4B1EF68832658F4EDA
                                                                                                                                                                                                                                                                        SHA1:0054503A01721F374796199F2202F308BAF0B280
                                                                                                                                                                                                                                                                        SHA-256:0EF2B0E94D98919186598312218A6BDF5E5C58D7BBA15E85C08CC64454081970
                                                                                                                                                                                                                                                                        SHA-512:6CEE1EE72E0AF4246EF6DF458CF68EA66C3987F915FBA642610C00D1C7CF3F23596471B9176ADAEFDF61E7891462665588056DF0A51835130965B148246237C1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.713044834675741
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:cIYVmGe/VGuDqni6wxCjfp3DocEs5dMvGPcDonP33TewxlhiYwEHU4dIyrokBD7F:cuGe/V0ni6wxCjfpzocEs5dMvkcDqPD7
                                                                                                                                                                                                                                                                        MD5:648AD011C505A34A9A756209FF749753
                                                                                                                                                                                                                                                                        SHA1:4325FBB69E9BE4B38DE9BFC81F91CC851FB16145
                                                                                                                                                                                                                                                                        SHA-256:0CA79AE16990C66CE642475AE2C48EDD9C7D93D1CA361A84FF67B046E3DB1272
                                                                                                                                                                                                                                                                        SHA-512:980C68CB78807190911CED7F013FAAB3036C39BA1CB45EB41AEE9010C048E2F149303E881D7AE6C8A7494D51E5760A6ED0039B0E13502E28EE4B76CBEFA2C52A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                                                        Entropy (8bit):4.425694157692337
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:r0WWNv/jzSEStoC1vxx6hUltfxx+BE00cUnAP9115rxg0XWr:r01NvbGVxx6hUltfxgE00cLF5rxg0XWr
                                                                                                                                                                                                                                                                        MD5:15DB634B70D6D9D6CD41BAAE3F02EB14
                                                                                                                                                                                                                                                                        SHA1:1456FFE09DF896271A746F9CB40A230F188AD397
                                                                                                                                                                                                                                                                        SHA-256:E893C6907DA8D68C03B1A10E68B554AD5A8C0533F15912106F32E925F2BEABF0
                                                                                                                                                                                                                                                                        SHA-512:1230E5368D4DAB9776D57056993669327E95FE72E262EFA541ED5D43ABC1BCD3618DB13B6BD6B3A27DA053C103E3FB647EAE759CCAEB443F7D9FFD1ECAA1122B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.7226745243816906
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:K9IYXkNcDGwgTsxJoRxAM2+9Ul/laxRe+PE8v+GA3kr29zrJzfPWCiqxskBbHUi6:K9RkNcDtxJMxAM2+9Ul/laxRe8ZGGWgL
                                                                                                                                                                                                                                                                        MD5:2D4061061AF403D74AF69EEC9DFE6BA3
                                                                                                                                                                                                                                                                        SHA1:ED9F6F00A4F2ADA56485294E6BE527BB155EDF9E
                                                                                                                                                                                                                                                                        SHA-256:3F3D9DD8A18721304CB4BBE992BA0F4F5429A848B1B07FCA1919223DEE35161C
                                                                                                                                                                                                                                                                        SHA-512:2CE44FA04FEF89295AB0729C2A6EAA03818D77F14E700700CD6C54BA25ED3F07793F575CB88C9332AD65D46E8124D81453035D4C097034529FAD43DB3AFD1F93
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                                                                                                        Entropy (8bit):4.3998629103661635
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:b0Zne9hwoGBjeCipxwU6LOl+DDUbqN4PPjjDr8d30LfmJyXOhZCa2m5sml+T9lmP:b0Y9hwoEipxwU6LOl+DDUbqN4Xjz8V4e
                                                                                                                                                                                                                                                                        MD5:119609E491507BF1AC03571959DFB46F
                                                                                                                                                                                                                                                                        SHA1:5BFA87B946F8EA2559DD3039EDAAB1F710EB7C67
                                                                                                                                                                                                                                                                        SHA-256:68B32C96F048BE6FDF16050A5D5C073E2F9C5B76A4305CFD0E0A7AC9A45E6726
                                                                                                                                                                                                                                                                        SHA-512:3DAF79B9C30BC7A64FA388B35C750951874ED114697AD9A9F4E8AB733BACC71770983A007C837989526F1F45A2D60D87A58E395E27864FD16BB545110519937F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12800
                                                                                                                                                                                                                                                                        Entropy (8bit):4.837603709696788
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:oY0al1sBIxgyFzjXZfu14MpXrOUDlK8yXahGY7uXR58b:2BImyDM5DtyXwGY7uXR58b
                                                                                                                                                                                                                                                                        MD5:49308946ADC1C1565024EAB211D2A703
                                                                                                                                                                                                                                                                        SHA1:F0004DC3E436FEE811A79618D6029DB0497D4A42
                                                                                                                                                                                                                                                                        SHA-256:82C2F6F6A3F4870F8486EFB70BEBC6BA085838A051BD465AC2C638079C14B891
                                                                                                                                                                                                                                                                        SHA-512:7A17AFB06AB0D036C0D80D3326695F17E52C8365C4B7F86FA668F090CA5A4416B4881C2110D075C22F650CDE6B8D04135669B886AEBEB030DA9ABA74B796CFCF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                                                        Entropy (8bit):4.588569516197988
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:YWWNv/jzSEYtPpmKJiDjgmlRFI0HYZDKz/VP81g5rxg0XWr:Y1NvbdKJiDjgmlRi0HYZDMp5rxg0XWr
                                                                                                                                                                                                                                                                        MD5:3B4621370ADDCF4306669C9E7E45C865
                                                                                                                                                                                                                                                                        SHA1:EA1AB3C499E946E152C1FC4A63FA99E1F9BE94B4
                                                                                                                                                                                                                                                                        SHA-256:E3EE50E08124A7603BE7D996DCF596EB0D3F9C603768E86E003F7B942D7097F3
                                                                                                                                                                                                                                                                        SHA-512:586755F32D16AFD937BFC1FE3C52210AB815D5D4C904DE101150FA052A94BABFCBDC465669FF8C2537B782474658D7912037DDB76D8C9A8FD34715D1FE7B2857
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):17408
                                                                                                                                                                                                                                                                        Entropy (8bit):4.802138576816784
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:lIE5h/2kXJsxw5w2UW4ctvHU+Th60iu2F6mKVZnCyJT2ox8mn9THjI5gE2ac7D5P:lXJsO57hOt9AZnttxKqN58Q
                                                                                                                                                                                                                                                                        MD5:A9854641A26F4C67F43C62808AE321AE
                                                                                                                                                                                                                                                                        SHA1:A89D6B3ABED21270B6311161D4118AA26D82A69F
                                                                                                                                                                                                                                                                        SHA-256:B91AAE7B8D476828108FCF99E4348EC533A7FCD2654F630B3B6255FEF2B32DA8
                                                                                                                                                                                                                                                                        SHA-512:E8291B1BE4F00CB41857CB5CA83D617369E9AF1AA58829A85D6A696C78E5CFA1B0B0CC5CB1041961A05B85C512CE7E2F15978DC62032ECA6899B9664472C0881
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.744554675762649
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:+IYVdDpBwGpkiVlZPxZlrPy2o92kGetEQyPIlUVKC3JDsS7qSmKV/4jNni67gXWu:+1DpBwSkoZPxZlrPY92kGetEQII2oANn
                                                                                                                                                                                                                                                                        MD5:4D275EF7CE5F02C9C92F2D10A90B78CD
                                                                                                                                                                                                                                                                        SHA1:319785221773DDBAFFBBE29A9B04DAF37C517BD5
                                                                                                                                                                                                                                                                        SHA-256:A3B7D4A8462021F7DD05DD15273FB41EEBEAA566BE106CD71C9B8A28A03DFD8B
                                                                                                                                                                                                                                                                        SHA-512:45800341E338301FF27F6D6F1EEA52E12941883B3FFA45CA96DD76FFB9BCCB5AF8138C724ED078846F9AD5370FF2B5C1D9C5F584B5D121115C4257F6889C34D1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12800
                                                                                                                                                                                                                                                                        Entropy (8bit):4.7989297090684016
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:adpTgTI4gNxtBqu+p5DXv00jiOKQosgcekILk0pltfN58x:q4gNrBnOVlgcekILfpltV58x
                                                                                                                                                                                                                                                                        MD5:ADF094F101CA6B84BB7E2296EABCB05D
                                                                                                                                                                                                                                                                        SHA1:1C6F38FCF1E072865118803DF5C7F356456D23EB
                                                                                                                                                                                                                                                                        SHA-256:85241CD496E646DB4EB9DF9C8808CBD1384964F61B7CB4FEDB1B812FC913E9F0
                                                                                                                                                                                                                                                                        SHA-512:89249C151395AB1D2E698221553634D1FB39B48A667A46139B4CCE5B890B6B1C66F646D0229A31699949F07336042C9A5604A10C0B51246091825CC01700D5E9
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.680086159864234
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:LqIYIZcKqG4ny8ZxSWuwCoBWidWjZdPAhDHPBg37eXCIKKXgXruQm8X0tF8HgGCe:LqOZcKqG8ZxSWuwCoBWidWjZ9AhLJ2SI
                                                                                                                                                                                                                                                                        MD5:6863EB1B4658AC9D04729CCE4E70480A
                                                                                                                                                                                                                                                                        SHA1:E0731B472F8D535AFF29BE240659D601BAECFB3C
                                                                                                                                                                                                                                                                        SHA-256:80E43D515959F4F7EE8138C74FB5BCF1F3DD7BCB19666760812C5BC46AF94B98
                                                                                                                                                                                                                                                                        SHA-512:D84EC0BFC778AB0D3F066129EB2BBA4E13A60C1E7B66994F1087790AC9DA635DA0C7F506FE92C6E46A76756686566AEB83EB81899C5FBFE23503632B5B076673
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.768378931838588
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                                                        Entropy (8bit):4.368637490829895
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):13824
                                                                                                                                                                                                                                                                        Entropy (8bit):5.087780030270019
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12800
                                                                                                                                                                                                                                                                        Entropy (8bit):5.202416131377818
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.693180822922721
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.73364372569939
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.8003614094777545
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                                                        Entropy (8bit):4.594776627495051
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.717379118116406
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.728117001174555
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.725154076738642
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.785865587531196
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):14336
                                                                                                                                                                                                                                                                        Entropy (8bit):4.949048788389918
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:NZ2vdzqaLxW8w5/EtHjl+dbA5eI00QF7jiS58U:3aL88/sd0QF7jiS58U
                                                                                                                                                                                                                                                                        MD5:566A9E0CEEA6C3CBF82B05C4F8470C27
                                                                                                                                                                                                                                                                        SHA1:C24F42AE5FC9A326B6526557501EA98150409F85
                                                                                                                                                                                                                                                                        SHA-256:CFB04DD1A62A3C5FE6D9AE898DF507B7567ABEEE7C871FA9AAD1A0D2475968AD
                                                                                                                                                                                                                                                                        SHA-512:ABA8482414B1D98313D37C58C4D19D7D197A440601175C9E3F1AEC5D7A86C53A43A289F843A3EFF85C0FEE043334A25E9D215A54FD4CA3DFF6E8A786E6FE85C3
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                                                                                                        Entropy (8bit):4.846136752240531
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:phbWWNv/jzSEfthb7O9JKggIOrCPPzm394in3fwB/CZPlAg1O5rxg0XWr:pN1NvbH7O9JKgglrCPChnYVC5A5rxg06
                                                                                                                                                                                                                                                                        MD5:DADE13E423762BDAE745D57CA3DC86EF
                                                                                                                                                                                                                                                                        SHA1:7B4122CBEF771C5548A7CB5641B6DB6743C8C3F6
                                                                                                                                                                                                                                                                        SHA-256:1A1D5FDAC027144BCAA0E8110F4DE717E80944420C59708B3DD8E2BD31BC7ED4
                                                                                                                                                                                                                                                                        SHA-512:77F5050BA87E8ABEB92298D16897D6CEC087FFB7B4C38442C854A0993B398DE529C15B5674ADAACFB3E39CE05165F05A38337B2DBD41E8A7D806751542F6E8D3
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.89773663933091
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:mIYK1uOKGEXJ7hxwUmX+41C/TUMZc/ZgPPInsYJNM3TPGdTzXpPbf+oBumIJMr2P:m41uOKl7hx9mX+41CLUMZc/ZOPVYJN6b
                                                                                                                                                                                                                                                                        MD5:EF403938F8FDBFB9638F378774F93D97
                                                                                                                                                                                                                                                                        SHA1:020AAD53FEB53DD763CA422CE47BC75F0A06F426
                                                                                                                                                                                                                                                                        SHA-256:EDA401DC462FAB09262874A61915D30F7721FA7F3FFCA7242461D978C54E76BA
                                                                                                                                                                                                                                                                        SHA-512:B40A0F1CC1C0C9A99FAFB1F96BF44DA543364DAB15A1BA4F564B9D3014C3031881E67700240BBD5DF280439901EE36A9345A32EC83DAED80203C115712820DB6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.769946515681843
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:NIYV7AGeXGfqyuMxUY+iZWBe2v3gW0dFgPaVCe1d3qTS3xH4q9OYtRwbHUWPsLZ4:NTAGeXyuMxUY+iZWBei3gW0dFOaEe3C5
                                                                                                                                                                                                                                                                        MD5:E3D94C18654B6E3A630A7932298E989D
                                                                                                                                                                                                                                                                        SHA1:A46151D16A43728FC905578B04C97A6034BEEC48
                                                                                                                                                                                                                                                                        SHA-256:4A6897E25BEA93BC47A166AE7C02CB2858C6399A9360F12E6EE56C4FE110B537
                                                                                                                                                                                                                                                                        SHA-512:DFCF6207F5D1EE1CA490ECE1CEFCC0B4C073A74D9E7AC0C1E865181173328421115BAB4530AF995DF2B04893C801D5F8D58B9867905FC1F59A6416E4CBFD5710
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.767196344145025
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:5IYV7AGeXGfqyuMxUY+iZWBe2v3gW0dFgPaVCe1d3qTS3xH4q9OYtRwbHUWPsLZA:5TAGeXyuMxUY+iZWBei3gW0dFOaEe3C5
                                                                                                                                                                                                                                                                        MD5:B84137A373B458BFDB8E37BF68DBC93B
                                                                                                                                                                                                                                                                        SHA1:C66FEC010EDA81A93608892749F6CA44E01828E9
                                                                                                                                                                                                                                                                        SHA-256:CC83EDEBF62A1C0F0698C97180AB13D96301C531C7270D4BDE4C43FA96129728
                                                                                                                                                                                                                                                                        SHA-512:5CEFD56822A084B7AC139A306640474FF82B106CA8088991FF58432867A405CE5091D11F465EBEA4EA1F30D102854FFA79424B0430E5BDA88FA9494FD8D23E00
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.726343979225638
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:3tIYShuTiGMuLj/kyxI0Nc/yGUbwMgWf2iPMXBSSky3WDeFzMShGOBZ7T3GyRKvL:3tUhuTiGj/HxI0Nc/yGUbwMgWf2YMXQd
                                                                                                                                                                                                                                                                        MD5:F26F586F37F77C4040A1110CD09C1A04
                                                                                                                                                                                                                                                                        SHA1:9511A7124B27AB89BDCB25F4D373CC08C25E06BC
                                                                                                                                                                                                                                                                        SHA-256:0C709CC4E21D236600DCB400713D93940BB96BFCC3BE184ABC27EAA25C50853C
                                                                                                                                                                                                                                                                        SHA-512:F48821C805E4359CD6FE1571050248DBB6496040528ECCC313C1ACC67088B91E391C412023C37E2B2F1BFFB2704EC6D25982819FF6487298E4E17EBB1F43E18B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):16896
                                                                                                                                                                                                                                                                        Entropy (8bit):4.847206773739568
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:HWmNyydz3LxBD5uSw84x/d/dfwJGTV/cEJviNhsFx55n5z5OPMuQ5m5rPzzSvooG:T7LHDFGh0EJviNhsFx55n5z5OPMuQ5mP
                                                                                                                                                                                                                                                                        MD5:912EF860F4ACB26AFA205A91956990D3
                                                                                                                                                                                                                                                                        SHA1:8DB790876785FE61D10F4E8E4D32722B5AD35679
                                                                                                                                                                                                                                                                        SHA-256:E49F80929F50C19E430352B21851F8359D7061B3EF4CDC9264BCC1BE3620B987
                                                                                                                                                                                                                                                                        SHA-512:0E89322265A7B8827302DD91DFF85E82DF7ED87FC8C1F04F2B13C23FFD8471A01CD52A172C008D0AA40288322C2F1EF2913A7039539EF5C9D9ED06F90B8D57CC
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.883497823407382
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:wIY4kciiGg/kISxvnmkYsPV+tIqMvhBhPYTua1j3SfDpu6WbyLWFTXLgNzCii7oM:wKkciiwISxvnmkYsPV+tIqMvhBZYquLt
                                                                                                                                                                                                                                                                        MD5:0082F8E3C82E3BEC8FA2EC9B8F62030A
                                                                                                                                                                                                                                                                        SHA1:BD9790D90D940DA82015B1A003DDDE0E6A814388
                                                                                                                                                                                                                                                                        SHA-256:8094AD142AB016533528ECCCEB49182D1AF3BF0BFD34DDD940F3714D7D17A145
                                                                                                                                                                                                                                                                        SHA-512:5B737D66475DC957E53A2F88CEABA78DB7D76BE7B5184B75D8516C5A97161131DDCD3130200BA0DF2C000F46658EC01A5CB2ED60A876266DB4BAC95986BD763B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):13312
                                                                                                                                                                                                                                                                        Entropy (8bit):5.077789016416725
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:tTp4EAT1bY2bx1CxHdO35YFInizzX83tNeRFYMvF2Mr58N:CblbzC5jmtNeRN2y58N
                                                                                                                                                                                                                                                                        MD5:E224E6925C4274296BA7BEC71FF953A4
                                                                                                                                                                                                                                                                        SHA1:1BF409839D76EDB70B88426AC2C17106105EA3C9
                                                                                                                                                                                                                                                                        SHA-256:8CC2EAE4D338CC29846144136702F717E1379468A07919975FE6EEEB9007C558
                                                                                                                                                                                                                                                                        SHA-512:DAFABB12F383BD99CF0D1F1BD949CEE2F922C6CB03FFA51CD5583E45B2FF6B79C7B88B26CCD5E8DC0873388B7C61DE39DE968FC8E4A3E8B63C3B3D94711AC309
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9728
                                                                                                                                                                                                                                                                        Entropy (8bit):4.701646036890297
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:HWWNv/jzSEhtiBbSEmfO2mdqeCtzEc6yCPVDA1L5rxg0XWr:H1NvbcbSEm22mdqet+wh25rxg0XWr
                                                                                                                                                                                                                                                                        MD5:3CEFEC17BAAC089C54C8102A4CFD160C
                                                                                                                                                                                                                                                                        SHA1:A54CD9BD4181A591937A99BE88BEB006279837DE
                                                                                                                                                                                                                                                                        SHA-256:AAFBE48966DBC5372A308AB9501245CE261D2715F336AD1908C799D354C981A2
                                                                                                                                                                                                                                                                        SHA-512:2D45193662C7CE2854CE2D3EE53AE199E094D09BC76D8D8A8E36B24EA60400A5F064CA16CE0078FE6CBDF4117C22565C04E47B99CD99868254C915DB6D18700F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):11776
                                                                                                                                                                                                                                                                        Entropy (8bit):5.080167063477581
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:IIYXbXbaQGf0wwrCwYxzJSKqdy6eY5R6Q3Pyt7g0mY3IC1wx+bDqhbXpVuieenT1:IRbXbaQixwYxzJSKqdy6eY5Rt/A7c+hS
                                                                                                                                                                                                                                                                        MD5:93DDE9DE1910EC7C10CAF6A2A950E6E6
                                                                                                                                                                                                                                                                        SHA1:D9E977B3153676C2422374AD1D314046E1318806
                                                                                                                                                                                                                                                                        SHA-256:597FC5D537F33A564CDB2D467D2F588CA25954D6E758316D4911CA97C2A1A7CA
                                                                                                                                                                                                                                                                        SHA-512:300B6B873CF5C5487AD813D27823B4E899DA49342DB6F83FC0D23919A629AAAEC53334DAD63BEEBAD4D92372A76636F8069CF054D08C755A4C7CE76AA07C65D2
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9728
                                                                                                                                                                                                                                                                        Entropy (8bit):4.728551774224484
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:JWWNv/jzSEhtimYtEq40uI7Sr2fqmxkNeo7R7L7c7xM757odHK9nPol1f5rxg0Xq:J1NvbOtEq40uYSatEdHwWloA9Pk5rxgJ
                                                                                                                                                                                                                                                                        MD5:833F269BA6F0C34F49273DA7FBD7DCE7
                                                                                                                                                                                                                                                                        SHA1:D0253D322DCDF7F54E37C7E8911A8B77670D2967
                                                                                                                                                                                                                                                                        SHA-256:F8C769A357E6CD27452835E5288FE515FB50BFEEC83EF3969975171174B467E5
                                                                                                                                                                                                                                                                        SHA-512:4FA315E23D985AFFB46F6536CDF2DDC1B882F47098EE2D5A4B954DDEEB8904D1C83182B1598E4948A59728339945307B699A147ECD813C0F91986D95BDC57184
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):11776
                                                                                                                                                                                                                                                                        Entropy (8bit):5.067541414141853
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:oIY26Y9TGjEWVWxzJS9gSKiLHQhcScP/yggS2w3tWGPO4JRy0ty6WGbdIY9MAFXx:ow6Y9TEVWxzJS9gSKiLwhcSSqgwmMGxp
                                                                                                                                                                                                                                                                        MD5:142024ABF19A89ED6DF37C56CE927361
                                                                                                                                                                                                                                                                        SHA1:B818199BB5D275F7E583D9E20F99CF7A393ED226
                                                                                                                                                                                                                                                                        SHA-256:9678E0D14BAC32C77BAAE8A4B697051E3ADE12B91278D7B01FDA00ED471167E4
                                                                                                                                                                                                                                                                        SHA-512:0FF2F4570F35DF7B44901E982D3D15FA1DA6D8D41EB6D98B8ECCB920A8345ACB5A2E89D400F6AC1DD0DF3DD0F70CD1FD4AD38DD4B613F7E72D07D49F7E045C33
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1120648
                                                                                                                                                                                                                                                                        Entropy (8bit):6.282495231593689
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:nAIzN9/YaT6MIQtZM1A0+Nwhq3drYozTW0fbcIQTPFdWHJLKe:AIzNpG061A0ue8lYozK0fbNpNKe
                                                                                                                                                                                                                                                                        MD5:C7FE1EB6A82B9FFAAF8DCA0D86DEF7CA
                                                                                                                                                                                                                                                                        SHA1:3CD3D6592BBE9C06D51589E483CCE814BAB095EE
                                                                                                                                                                                                                                                                        SHA-256:61D225EEFB7D7AF3519A7E251217A7F803A07A6DDF42C278417C140B15D04B0B
                                                                                                                                                                                                                                                                        SHA-512:348A48B41C2978E48DDBEB8B46AD63EF7DDE805A5998F1730594899792462762A9EEE6E4FE474389923D6B995ECA6518C58563F9D1765087B7AC05CE2D91C096
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):160016
                                                                                                                                                                                                                                                                        Entropy (8bit):6.4048842736009
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:S6lrh8aWSI9uVDeMWoWVy5zmndQ1dTZjxO3S/9FVkmiGUV+fS:S6lrhISL9e1oWE56ndQ19aY9Fjs2S
                                                                                                                                                                                                                                                                        MD5:F5CF4F3E8DEDDC2BF3967B6BFF3E4499
                                                                                                                                                                                                                                                                        SHA1:0B236042602A645C5068F44F8FCBCC000C673BFE
                                                                                                                                                                                                                                                                        SHA-256:9D31024A76DCAD5E2B39810DFF530450EE5A1B3ECBC08C72523E6E7EA7365A0B
                                                                                                                                                                                                                                                                        SHA-512:48905A9FF4A2EC31A605030485925A8048E7B79AD3319391BC248F8F022813801D82EB2FF9900EBCB82812F16D89FDFF767EFA3D087303DF07C6C66D2DCB2473
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsAtom.dll, Author: Joe Security
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):170328
                                                                                                                                                                                                                                                                        Entropy (8bit):6.47551843695429
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:XR761d9cCg9+zhOzcx9R0KvvvvnPPH6Gi5tPArrYeiYiPKiF15fJ2K/Krrii555z:81TcpihOk0KvvvvnPPH6Gi5tPArrYeiG
                                                                                                                                                                                                                                                                        MD5:72689B177CD84AE5260532F5C7A10EBD
                                                                                                                                                                                                                                                                        SHA1:4129FBAB0F99F8420F25D772D2D62A26B1FADB3C
                                                                                                                                                                                                                                                                        SHA-256:062FD8045911EAAB4B5F505DADE6C0E23E6200C1AC1FDB86EA73E69AB801E037
                                                                                                                                                                                                                                                                        SHA-512:8649EB139AE3B695463210EA2E6061C35CD3580C0AD6A5D2D859835255DD6ACD334D791BFCC0D00D1B60573960C91C29009F3325EB8B37DACFBB7CEF401EC4EE
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsDatabase.dll, Author: Joe Security
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):223016
                                                                                                                                                                                                                                                                        Entropy (8bit):6.7884547646820765
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:cBuq5tonhw9PY+fAKul0ZJXY9ooyJtTsbbiRl7m76m/GS+KKeA4dtrSsQDZ:VqDOhw9PY+4Zl0ZFY9ooyUbc3Kc4dtaF
                                                                                                                                                                                                                                                                        MD5:927934736C03A05209CB3DCC575DAF6A
                                                                                                                                                                                                                                                                        SHA1:A95562897311122BB451791D6E4749BF49D8275F
                                                                                                                                                                                                                                                                        SHA-256:589C228E22DAB9B848A9BD91292394E3BEF327D16B4C8FDD1CC37133EB7D2DA7
                                                                                                                                                                                                                                                                        SHA-512:12D4A116AEE39EB53A6BE1078D4F56F0EBD9D88B8777C7BD5C0A549AB5CFF1DB7F963914552EF0A68FF1096B1E1DC0F378F2D7E03FF97D2850CA6B766C4D6683
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsJSON.dll, Author: Joe Security
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):181184
                                                                                                                                                                                                                                                                        Entropy (8bit):6.53382578985949
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:+0AqxqD7b0Qv6wIMCP1Yr+Xle9WQJTrz96JiBRqMadYMBpCA5LH3wjg:NRkD/0Q7IMCP3ePOUBRqKep5jZ
                                                                                                                                                                                                                                                                        MD5:F55948A2538A1AB3F6EDFEEFBA1A68AD
                                                                                                                                                                                                                                                                        SHA1:A0F4827983F1BF05DA9825007B922C9F4D0B2920
                                                                                                                                                                                                                                                                        SHA-256:DE487EDA80E7F3BCE9CD553BC2A766985E169C3A2CAE9E31730644B8A2A4AD26
                                                                                                                                                                                                                                                                        SHA-512:E9B52A9F90BAECB922C23DF9C6925B231827B8A953479E13F098D5E2C0DABD67263EEECED9A304A80B597010B863055F16196E0923922FEF2A63EB000CFF04C9
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsLogger.dll, Author: Joe Security
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):261232
                                                                                                                                                                                                                                                                        Entropy (8bit):6.520670838166452
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:L4TddrmwvYlpI+JxFKb708NFR75vp+uvewjLbqzm9iVkW:Ud8HI+DW75Hmwnlip
                                                                                                                                                                                                                                                                        MD5:FA4E3D9B299DA1ABC5F33F1FB00BFA4F
                                                                                                                                                                                                                                                                        SHA1:9919B46034B9EFF849AF8B34BC48AA39FB5B6386
                                                                                                                                                                                                                                                                        SHA-256:9631939542E366730A9284A63F1D0D5459C77EC0B3D94DE41196F719FC642A96
                                                                                                                                                                                                                                                                        SHA-512:D21CF55D6B537EF9882EACD737E153812C0990E6BDEA44F5352DFE0B1320E530F89F150662E88DB63BEDF7F691A11D89F432A3C32C8A14D1EB5FC99387420680
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):814440
                                                                                                                                                                                                                                                                        Entropy (8bit):6.475738224302649
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:LkaJoYf9Z+uUMidkp22We0cRxoJy5DPbTtsqq5dlgM7qcNmP1bGq06ZIEUKth1OH:JJll87GY2q61llaOZBjKt5qq4i
                                                                                                                                                                                                                                                                        MD5:CC7167823D2D6D25E121FC437AE6A596
                                                                                                                                                                                                                                                                        SHA1:559C334CD3986879947653B7B37E139E0C3C6262
                                                                                                                                                                                                                                                                        SHA-256:6138D9EA038014B293DAC1C8FDE8C0D051C0435C72CD6E7DF08B2F095B27D916
                                                                                                                                                                                                                                                                        SHA-512:D4945C528E4687AF03B40C27F29B3CBF1A8D1DAF0EE7DE10CD0CB19288B7BC47FAE979E1462B3FA03692BF67DA51AB6FA562EB0E30B73E55828F3735BBFFFA48
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):132112
                                                                                                                                                                                                                                                                        Entropy (8bit):6.108992422954668
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:SWGjyLgosGplJLT7AwoTFGmrY6sWGGHyj:SwgBGplJX7AHGm8UI
                                                                                                                                                                                                                                                                        MD5:167B304C9C615BE2852AC0BEF86E6F15
                                                                                                                                                                                                                                                                        SHA1:7C38A8AF0DE07B41D5E5AF771274B0D46B87B0E0
                                                                                                                                                                                                                                                                        SHA-256:6D5EA04F978E429C5CF0065A213BF28D8AF36540493C6564218EA51B0D5B961D
                                                                                                                                                                                                                                                                        SHA-512:557CF71B939D5F388E17B432DB5D2A15EDE76E6ABCF0476B985BBA0DE4FC22CB130A1A240FE92F41DE03B60E7EDBC9445BE2461079E28EBE985FF523B32EB456
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\rsTime.dll, Author: Joe Security
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):269016
                                                                                                                                                                                                                                                                        Entropy (8bit):5.638348013030407
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:99jevmK0U7H/cF9P/V+FKDe/HfETJBLqw+foMCsbpM9NV:3FK0U7HkF9HVpe/HfASJCr9j
                                                                                                                                                                                                                                                                        MD5:772E66BF2ED9CA8F60C413576B9BFBA0
                                                                                                                                                                                                                                                                        SHA1:91A274E4B66966EB5D036835F8C99FFCD3E74F35
                                                                                                                                                                                                                                                                        SHA-256:C3A505A0BF9BB525DCFE981A5CB60D3B4DC4163F1A1179AA55DDB66E569CF2CB
                                                                                                                                                                                                                                                                        SHA-512:D3C5742FA5F0E663DF7809288B3159465323B9F8942EA684CAA1B98C912245C151E9F1C909129AB3EAFD5F6282B2B4C0BB983E929E945AA92EB6BC506CD19787
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):332568
                                                                                                                                                                                                                                                                        Entropy (8bit):5.000961772420698
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:sbjak9Kn0bnccfHyeL+FRexTh6z6ryBLqB9fbUD6y9lvQzJLEX48:GdKn0bnfPjL1xTh6zub1QD3leLEI8
                                                                                                                                                                                                                                                                        MD5:8157D03D4CD74D7DF9F49555A04F4272
                                                                                                                                                                                                                                                                        SHA1:EAE3DAD1A3794C884FAE0D92B101F55393153F4E
                                                                                                                                                                                                                                                                        SHA-256:CDF775B4D83864B071DBCFEED6D5DA930A9F065919D195BB801B6FFAF9645B74
                                                                                                                                                                                                                                                                        SHA-512:64A764068810A49A8D3191BC534CD6D7031E636AE306D2204AF478B35D102012D8C7E502ED31AF88280689012DC8E6AFD3F7B2A1FE1E25DA6142388713B67FA7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):201880
                                                                                                                                                                                                                                                                        Entropy (8bit):6.4046209284871525
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:O9jevmK0U7H/cF9P/V+FKDe/HfETJBLqU+foMCdEiBhGo:eFK0U7HkF9HVpe/HfA6JCdEid
                                                                                                                                                                                                                                                                        MD5:410D4E81BE560D860339E12AC63ACB68
                                                                                                                                                                                                                                                                        SHA1:06A9F74874C76EBA0110CDD720DD1E66AA9C271A
                                                                                                                                                                                                                                                                        SHA-256:E4A8D1E07F851BE8070DD9B74255E9DD8B49262C338BFB6EF1537EDD8F088498
                                                                                                                                                                                                                                                                        SHA-512:4BBFFEEF276CE9B8FDD6D767BA00066309EEE0F65E49CEA999D48D1E8688C73D7011ED1301A668C69814457CAAD3981167A1E3FE2021329DD8FC05659103FB3A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):158512
                                                                                                                                                                                                                                                                        Entropy (8bit):6.366328902517048
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:ixAyrpDDw+Quvmsd3xsVjxlppyYlDB5sqnjJHSGzj2:aAWDUuvmsd3GnjpyYlt5pa
                                                                                                                                                                                                                                                                        MD5:C70238BD9FB1A0B38F50A30BE7623EB7
                                                                                                                                                                                                                                                                        SHA1:17B1452D783ED9FAE8FF00F1290498C397810D45
                                                                                                                                                                                                                                                                        SHA-256:88FB2446D4EAC42A41036354006AFADFCA5ACD38A0811110F7337DC5EC434884
                                                                                                                                                                                                                                                                        SHA-512:DD77E5C5CF0BF76BA480EB4682C965D0030171A7B7A165A6D1C3BA49895BC13388D17DDBB0FE3AC5D47B3D7D8110942C0D5B40E2FE3DF0A022E051696EC4FEB6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):349024
                                                                                                                                                                                                                                                                        Entropy (8bit):6.20930916625922
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:n1sSJApTSnQU/x0ImhuDzHfs4zbYOjujDRfygDgKQINXLLHIaKlay8weCycJ5DfT:n1sSmRIt/xhtsOju1DH5NXnIKAci
                                                                                                                                                                                                                                                                        MD5:87D7FB0770406BC9B4DC292FA9E1E116
                                                                                                                                                                                                                                                                        SHA1:6C2D9D5E290DF29CF4D95A4564DA541489A92511
                                                                                                                                                                                                                                                                        SHA-256:AAEB1EACBDAEB5425FD4B5C28CE2FD3714F065756664FA9F812AFDC367FBBB46
                                                                                                                                                                                                                                                                        SHA-512:25F7C875899C1F0B67F1ECEE82FE436B54C9A615F3E26A6BEC6233EB37F27CA09AE5CE7CF3DF9C3902207E1D5DDD394BE21A7B20608ADB0F730128BE978BEC9B
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):370744
                                                                                                                                                                                                                                                                        Entropy (8bit):6.1104091244570675
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:VruNWxFaLx73+nRo2GGmZ2CRGpAM3JUGuT5up6zOPLyU0SJFNFaFeFOFwcGF6cmt:INWx6xz+nRo2GGWHQZMaLyJSJFNFaFeo
                                                                                                                                                                                                                                                                        MD5:FFBB71041C9A01DA9EA90BDD4C0096A2
                                                                                                                                                                                                                                                                        SHA1:D4E9E5B70B356489F1C6EEFCCD58B343F9D79E44
                                                                                                                                                                                                                                                                        SHA-256:178570575291B95C767BA304D71C5310A94E93B6C1F673B9179D41A75A48D0E8
                                                                                                                                                                                                                                                                        SHA-512:AE7926C6CE85464B66FD73C1FE046F51DEE1739DD7476C8FBAC39D8479E7F8CB891C216DDBB160E5CECF828EFDEB2BF1C10A630BA57ADCF302AA7A2D83CC9728
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):75800
                                                                                                                                                                                                                                                                        Entropy (8bit):6.026203256069962
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:r784YWau8lqubx6WxXLA+o2SLFyEdux136ytgHo0AuresehSAA7sxR:r7NV8v36tI0XCKAAy
                                                                                                                                                                                                                                                                        MD5:F34410B23B973CE915C40345C96DD82D
                                                                                                                                                                                                                                                                        SHA1:57B1D2DD6600CBCC64062549A925A4548CF9A47C
                                                                                                                                                                                                                                                                        SHA-256:E461CD2F7700FD28A3869D7C65F805058E0C30D44D9BCAF390ADF1896548B0D3
                                                                                                                                                                                                                                                                        SHA-512:CAE7D1CDFC68CE705D6292BE1A60C074F1E5B56E58D1558C958FC1022465626669D38CDE891152247C8877985C63A4806A4F0F82664E40F3AE173BF2B1280702
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.881485510441517
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:LIY1pQ8vGO4xToxMi5eX2zUA8rYgLIgPrEyz23tMuuVWJkYUECd1Vl7Iru+M3YV+:L3pQ8vQToxMi5emzUA8rYgLIOrnz8uu0
                                                                                                                                                                                                                                                                        MD5:999C5174344E3AF9CCD1E17299448E76
                                                                                                                                                                                                                                                                        SHA1:B66455DEB863B0A928D4E55ACD886E3C16506DE6
                                                                                                                                                                                                                                                                        SHA-256:0748A7D73F44ACDC027ABF5177DA04DD69D773299138EA0B25D3DBE4C00AD4A0
                                                                                                                                                                                                                                                                        SHA-512:E4F0C9C443070BBE348BA142FFB28631D4B86CA9D4DC1AA18E0711650CF063F590E2383A54C693ECA4CBA57EEC946BB5DFD2FFEA45820682D2C49DBC3ACFF612
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.746338816012684
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:IIYRN3EsGGj3fvKEx8rUrb+M0lIVixNPqDGomU3WUeQoXjAUwMXrAfeMA7AWmBHt:IXN3EsVfvVx8rUrb+M0lIVixNqiomyJZ
                                                                                                                                                                                                                                                                        MD5:C2819AE6DB238F0D9FDD865347819A40
                                                                                                                                                                                                                                                                        SHA1:35F19D2AEC295FD7F98CE039DA95A0A556517B2B
                                                                                                                                                                                                                                                                        SHA-256:DA090057B5388EF09CA5F6E72C729F0330FC3CC0352E2EE704982E979DC4E1F1
                                                                                                                                                                                                                                                                        SHA-512:FD015CE397D556A669B1D83CFE82400998B7484A1F50D8683AF80EDC1533784196DF9092EDB4F6E727C45DF8B8430745DED57F154833626CEE7C778883074385
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12800
                                                                                                                                                                                                                                                                        Entropy (8bit):4.758461459269092
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:l5rayxOPAxMtzTxCmf6hC/s2TvOFk6AOPh3+yFdmyndC58i:2PAKtnHOdvPhO2dmyndC58i
                                                                                                                                                                                                                                                                        MD5:63DB7F10882D9A963496A27CE65A6F35
                                                                                                                                                                                                                                                                        SHA1:DED19C471C9139479F25FB5B5B42C48163491763
                                                                                                                                                                                                                                                                        SHA-256:50A5AF3023A6BE366350730D9962DA94DACA926CFB5F9C5C3EF04C5AB5A06103
                                                                                                                                                                                                                                                                        SHA-512:04E7A081CC7814C93E10A7D21768F864026B2DF6FB58D3D67CDBE8D643B7497B6FBFC2064A75F8CA8C6147E12A04A9CE2E9E492CE7906EE0EDA6E71A2690D51F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9728
                                                                                                                                                                                                                                                                        Entropy (8bit):4.557060180794725
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:0MiWWNv/jzSENtqcadVl8PandjJUf7ZJSqSi/ufP/1S5rxg0XWr:0D1Nvb5adVl8P2djJMZJSGu3A5rxg0Xq
                                                                                                                                                                                                                                                                        MD5:F83D720B236576C7D1F9F55D3BB988F9
                                                                                                                                                                                                                                                                        SHA1:105A4993E92646B5DBB50518187ABE07CA473276
                                                                                                                                                                                                                                                                        SHA-256:6909A1C134D0285FBA2422A40EA0E65C1F0CA3C3EF2B94A1166015AF2A87780F
                                                                                                                                                                                                                                                                        SHA-512:FD8A464F2BC9D5B6C2EFA80348C3A9362F7473D4D632B2ADDAD8C272E8874E7E67C15B99B67E6515906B86D01D57CD42F9F0F1E9251C0AF93A9391CCC30E3202
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):15360
                                                                                                                                                                                                                                                                        Entropy (8bit):4.982978904707212
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:EnpUcW/WJsxvxwKW9iu6Wxtp701zA27r+PMvozT958I:yJs5xEGzfOPMvMx58I
                                                                                                                                                                                                                                                                        MD5:765162C01B6A1D4B1EF68832658F4EDA
                                                                                                                                                                                                                                                                        SHA1:0054503A01721F374796199F2202F308BAF0B280
                                                                                                                                                                                                                                                                        SHA-256:0EF2B0E94D98919186598312218A6BDF5E5C58D7BBA15E85C08CC64454081970
                                                                                                                                                                                                                                                                        SHA-512:6CEE1EE72E0AF4246EF6DF458CF68EA66C3987F915FBA642610C00D1C7CF3F23596471B9176ADAEFDF61E7891462665588056DF0A51835130965B148246237C1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.713044834675741
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:cIYVmGe/VGuDqni6wxCjfp3DocEs5dMvGPcDonP33TewxlhiYwEHU4dIyrokBD7F:cuGe/V0ni6wxCjfpzocEs5dMvkcDqPD7
                                                                                                                                                                                                                                                                        MD5:648AD011C505A34A9A756209FF749753
                                                                                                                                                                                                                                                                        SHA1:4325FBB69E9BE4B38DE9BFC81F91CC851FB16145
                                                                                                                                                                                                                                                                        SHA-256:0CA79AE16990C66CE642475AE2C48EDD9C7D93D1CA361A84FF67B046E3DB1272
                                                                                                                                                                                                                                                                        SHA-512:980C68CB78807190911CED7F013FAAB3036C39BA1CB45EB41AEE9010C048E2F149303E881D7AE6C8A7494D51E5760A6ED0039B0E13502E28EE4B76CBEFA2C52A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                                                        Entropy (8bit):4.425694157692337
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:r0WWNv/jzSEStoC1vxx6hUltfxx+BE00cUnAP9115rxg0XWr:r01NvbGVxx6hUltfxgE00cLF5rxg0XWr
                                                                                                                                                                                                                                                                        MD5:15DB634B70D6D9D6CD41BAAE3F02EB14
                                                                                                                                                                                                                                                                        SHA1:1456FFE09DF896271A746F9CB40A230F188AD397
                                                                                                                                                                                                                                                                        SHA-256:E893C6907DA8D68C03B1A10E68B554AD5A8C0533F15912106F32E925F2BEABF0
                                                                                                                                                                                                                                                                        SHA-512:1230E5368D4DAB9776D57056993669327E95FE72E262EFA541ED5D43ABC1BCD3618DB13B6BD6B3A27DA053C103E3FB647EAE759CCAEB443F7D9FFD1ECAA1122B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.7226745243816906
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:K9IYXkNcDGwgTsxJoRxAM2+9Ul/laxRe+PE8v+GA3kr29zrJzfPWCiqxskBbHUi6:K9RkNcDtxJMxAM2+9Ul/laxRe8ZGGWgL
                                                                                                                                                                                                                                                                        MD5:2D4061061AF403D74AF69EEC9DFE6BA3
                                                                                                                                                                                                                                                                        SHA1:ED9F6F00A4F2ADA56485294E6BE527BB155EDF9E
                                                                                                                                                                                                                                                                        SHA-256:3F3D9DD8A18721304CB4BBE992BA0F4F5429A848B1B07FCA1919223DEE35161C
                                                                                                                                                                                                                                                                        SHA-512:2CE44FA04FEF89295AB0729C2A6EAA03818D77F14E700700CD6C54BA25ED3F07793F575CB88C9332AD65D46E8124D81453035D4C097034529FAD43DB3AFD1F93
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                                                                                                        Entropy (8bit):4.3998629103661635
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:b0Zne9hwoGBjeCipxwU6LOl+DDUbqN4PPjjDr8d30LfmJyXOhZCa2m5sml+T9lmP:b0Y9hwoEipxwU6LOl+DDUbqN4Xjz8V4e
                                                                                                                                                                                                                                                                        MD5:119609E491507BF1AC03571959DFB46F
                                                                                                                                                                                                                                                                        SHA1:5BFA87B946F8EA2559DD3039EDAAB1F710EB7C67
                                                                                                                                                                                                                                                                        SHA-256:68B32C96F048BE6FDF16050A5D5C073E2F9C5B76A4305CFD0E0A7AC9A45E6726
                                                                                                                                                                                                                                                                        SHA-512:3DAF79B9C30BC7A64FA388B35C750951874ED114697AD9A9F4E8AB733BACC71770983A007C837989526F1F45A2D60D87A58E395E27864FD16BB545110519937F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12800
                                                                                                                                                                                                                                                                        Entropy (8bit):4.837603709696788
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:oY0al1sBIxgyFzjXZfu14MpXrOUDlK8yXahGY7uXR58b:2BImyDM5DtyXwGY7uXR58b
                                                                                                                                                                                                                                                                        MD5:49308946ADC1C1565024EAB211D2A703
                                                                                                                                                                                                                                                                        SHA1:F0004DC3E436FEE811A79618D6029DB0497D4A42
                                                                                                                                                                                                                                                                        SHA-256:82C2F6F6A3F4870F8486EFB70BEBC6BA085838A051BD465AC2C638079C14B891
                                                                                                                                                                                                                                                                        SHA-512:7A17AFB06AB0D036C0D80D3326695F17E52C8365C4B7F86FA668F090CA5A4416B4881C2110D075C22F650CDE6B8D04135669B886AEBEB030DA9ABA74B796CFCF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                                                        Entropy (8bit):4.588569516197988
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:YWWNv/jzSEYtPpmKJiDjgmlRFI0HYZDKz/VP81g5rxg0XWr:Y1NvbdKJiDjgmlRi0HYZDMp5rxg0XWr
                                                                                                                                                                                                                                                                        MD5:3B4621370ADDCF4306669C9E7E45C865
                                                                                                                                                                                                                                                                        SHA1:EA1AB3C499E946E152C1FC4A63FA99E1F9BE94B4
                                                                                                                                                                                                                                                                        SHA-256:E3EE50E08124A7603BE7D996DCF596EB0D3F9C603768E86E003F7B942D7097F3
                                                                                                                                                                                                                                                                        SHA-512:586755F32D16AFD937BFC1FE3C52210AB815D5D4C904DE101150FA052A94BABFCBDC465669FF8C2537B782474658D7912037DDB76D8C9A8FD34715D1FE7B2857
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):17408
                                                                                                                                                                                                                                                                        Entropy (8bit):4.802138576816784
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:lIE5h/2kXJsxw5w2UW4ctvHU+Th60iu2F6mKVZnCyJT2ox8mn9THjI5gE2ac7D5P:lXJsO57hOt9AZnttxKqN58Q
                                                                                                                                                                                                                                                                        MD5:A9854641A26F4C67F43C62808AE321AE
                                                                                                                                                                                                                                                                        SHA1:A89D6B3ABED21270B6311161D4118AA26D82A69F
                                                                                                                                                                                                                                                                        SHA-256:B91AAE7B8D476828108FCF99E4348EC533A7FCD2654F630B3B6255FEF2B32DA8
                                                                                                                                                                                                                                                                        SHA-512:E8291B1BE4F00CB41857CB5CA83D617369E9AF1AA58829A85D6A696C78E5CFA1B0B0CC5CB1041961A05B85C512CE7E2F15978DC62032ECA6899B9664472C0881
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.744554675762649
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:+IYVdDpBwGpkiVlZPxZlrPy2o92kGetEQyPIlUVKC3JDsS7qSmKV/4jNni67gXWu:+1DpBwSkoZPxZlrPY92kGetEQII2oANn
                                                                                                                                                                                                                                                                        MD5:4D275EF7CE5F02C9C92F2D10A90B78CD
                                                                                                                                                                                                                                                                        SHA1:319785221773DDBAFFBBE29A9B04DAF37C517BD5
                                                                                                                                                                                                                                                                        SHA-256:A3B7D4A8462021F7DD05DD15273FB41EEBEAA566BE106CD71C9B8A28A03DFD8B
                                                                                                                                                                                                                                                                        SHA-512:45800341E338301FF27F6D6F1EEA52E12941883B3FFA45CA96DD76FFB9BCCB5AF8138C724ED078846F9AD5370FF2B5C1D9C5F584B5D121115C4257F6889C34D1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12800
                                                                                                                                                                                                                                                                        Entropy (8bit):4.7989297090684016
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:adpTgTI4gNxtBqu+p5DXv00jiOKQosgcekILk0pltfN58x:q4gNrBnOVlgcekILfpltV58x
                                                                                                                                                                                                                                                                        MD5:ADF094F101CA6B84BB7E2296EABCB05D
                                                                                                                                                                                                                                                                        SHA1:1C6F38FCF1E072865118803DF5C7F356456D23EB
                                                                                                                                                                                                                                                                        SHA-256:85241CD496E646DB4EB9DF9C8808CBD1384964F61B7CB4FEDB1B812FC913E9F0
                                                                                                                                                                                                                                                                        SHA-512:89249C151395AB1D2E698221553634D1FB39B48A667A46139B4CCE5B890B6B1C66F646D0229A31699949F07336042C9A5604A10C0B51246091825CC01700D5E9
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.680086159864234
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:LqIYIZcKqG4ny8ZxSWuwCoBWidWjZdPAhDHPBg37eXCIKKXgXruQm8X0tF8HgGCe:LqOZcKqG8ZxSWuwCoBWidWjZ9AhLJ2SI
                                                                                                                                                                                                                                                                        MD5:6863EB1B4658AC9D04729CCE4E70480A
                                                                                                                                                                                                                                                                        SHA1:E0731B472F8D535AFF29BE240659D601BAECFB3C
                                                                                                                                                                                                                                                                        SHA-256:80E43D515959F4F7EE8138C74FB5BCF1F3DD7BCB19666760812C5BC46AF94B98
                                                                                                                                                                                                                                                                        SHA-512:D84EC0BFC778AB0D3F066129EB2BBA4E13A60C1E7B66994F1087790AC9DA635DA0C7F506FE92C6E46A76756686566AEB83EB81899C5FBFE23503632B5B076673
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.768378931838588
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:nIYr9kupX/Gdq8SQxZdNYobyRXvujVf9UgPw/ev3nww3OajMRD1TLIjB5leULIp5:n3kupX/GSQxZdNYBRXvujVf9UOwGvwwy
                                                                                                                                                                                                                                                                        MD5:9D5CEBB0C561E0DA0BCE75E527465BC9
                                                                                                                                                                                                                                                                        SHA1:2851D4995D9E9A37A0C1404C8E215B204871204E
                                                                                                                                                                                                                                                                        SHA-256:35BD747676E8512899D56A80276CA1835E6FCB17B309F80E709860363DFAA52F
                                                                                                                                                                                                                                                                        SHA-512:0A276428145E9B42E88757D8D1BA5C20A54AD7E1A287F9A9BFACCEB319901822D17C0D28DD96895B752A14867B19E2907E49E5968B77A8114A1D41C2F431BB0A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                                                        Entropy (8bit):4.368637490829895
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:vOiWWNv/jzSE5tyT1TNgr1nJIhZAf/07mPD1q5rxg0XWr:v11NvbGTNgr1nJI3+07MM5rxg0XWr
                                                                                                                                                                                                                                                                        MD5:1C331DA4BCE2809E16913C02E385576E
                                                                                                                                                                                                                                                                        SHA1:CF8E71E030347749596A53D1B13B9E9583EC0527
                                                                                                                                                                                                                                                                        SHA-256:1D0493E38D8B3FCC7EFA4916FEA1EEA69EE6449BF435E1869C1BC3F54D4090C5
                                                                                                                                                                                                                                                                        SHA-512:2871119690F3DF0F244384A3F5F65FFE7CF17F1F00F6B530512AEDEB8397C9E357079E8FBA76D2A5BF6BE4E2B18E4AC1AC104EA2D29F8F40CEF6F30A905ECF83
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):13824
                                                                                                                                                                                                                                                                        Entropy (8bit):5.087780030270019
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:WxwAHD6CkxQdCnvRl/oRHx8asale681v/e589:ZCkSdK0t81vW589
                                                                                                                                                                                                                                                                        MD5:E77665402F7750BFA2B38018E5CA72DA
                                                                                                                                                                                                                                                                        SHA1:F3974F0F8F7E2FB60B41B77F08D226FC8787C324
                                                                                                                                                                                                                                                                        SHA-256:BC57C5F54A2CFD2212504E19D84C2E5FACF29D940B8631538CE82207244C8BB6
                                                                                                                                                                                                                                                                        SHA-512:59682D579A6458902E7208CAE06492081A8233C2D2A383D65C2EF5A40D4DC36211D14005B684587AFF08E8B32DD83FD81C3C454441DD905F94AE967A65B08844
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12800
                                                                                                                                                                                                                                                                        Entropy (8bit):5.202416131377818
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:DFWuuyUdKvx4W9SxBmJsEMGFW/uuH2LlLTDUCl9w5JHJ8/uDP58z:WdKv+WqV2ZLToU9wXi/ub58z
                                                                                                                                                                                                                                                                        MD5:6935598916AF67879EA1BFB9E1D1FC50
                                                                                                                                                                                                                                                                        SHA1:54EE67CB95C349F5286CF5E9B2E5C0B7E01E1875
                                                                                                                                                                                                                                                                        SHA-256:C4E8DBD22A2BC4DB1844B75E600DFB8810EC1BD79AE9244E9BF95D6CD07BA593
                                                                                                                                                                                                                                                                        SHA-512:CFBF6C99640064C04D57E7F01F44EC378DBEBB42193B375080B2BD6E413111B1AD5D3CDA30E40A7CD2C0D5E0668372ADE5A9B71DE825DC0F337D9D9C2CD732C0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.693180822922721
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:WIYfsK6eGOy+v3qxh7EFBYn1p4hVYTPMPhT9CEGF3aN3MfCExO4MV09J7wcLaaEc:WZsK6epv3qxh7EFBYn1p4hVYTqhTAEGV
                                                                                                                                                                                                                                                                        MD5:58AFB3AE460111832F87628A55578CD1
                                                                                                                                                                                                                                                                        SHA1:9E43CE2918E003B67B80C7A2ABD314D8C489BC35
                                                                                                                                                                                                                                                                        SHA-256:0EAC601A33C74E373EEA3B72C6826E9512154852D9EDA174F5959EB8551DEDC4
                                                                                                                                                                                                                                                                        SHA-512:9F95FA0EB3AE3E2400A1A399D2821F6BC40D065C1E182304DB67B55E03D934A54153524D67D73FB5302781A988A7A87EAA23040C44C598298E078239C3EA938B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.73364372569939
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:etIYBN1XfOGCvouQTxklOVw/lzyOl/dEf80gPCdmP347U9DC47aqFD37E/avkeZu:CTN1X2HQTxklOVylzyOl/dEf80OCQPAn
                                                                                                                                                                                                                                                                        MD5:3F2522D425B3CC674925C117F5EB7984
                                                                                                                                                                                                                                                                        SHA1:E43D21EBD065BB42C0D66FD09E741F3FE75D04A4
                                                                                                                                                                                                                                                                        SHA-256:0F2D18D4EA34E514BC0865EE2C4DB488E44AB96A6F60D8666FA1CBAA50F83BA0
                                                                                                                                                                                                                                                                        SHA-512:DBF57878A763147E2312BADC78B3FE3A35D9F06F03681B071C5D3DFD84EEFCCF8877693D591C63A8D92628B1CDD59A8C30489D2094E9F59BFFDFA9920721FA2A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.8003614094777545
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:aIYfp3DcrGr6SHAOzLxE6oMuN50rtbxn/XidPWd3SJC30Gh58xSoHR+hxWfbrVsu:aZp3Dcr2NAcLxE6oMy50rtbxn/Xi9Wdq
                                                                                                                                                                                                                                                                        MD5:046D8A330F45EFDE3EB3F83F446663DE
                                                                                                                                                                                                                                                                        SHA1:DAC7E590C64A39332FD6527CDD21B194257234D6
                                                                                                                                                                                                                                                                        SHA-256:1332F9D4F4189C94E25B7755D8BDB779C4C016229B93C10D8CFA978B1B41A6B4
                                                                                                                                                                                                                                                                        SHA-512:BCF70C1B1751D5DBFF1A6A97C07B04749603DB246EC40B3658F1E673BE4C80D1FFAAE1E3A8A70A1C949494B12531237FEF1EBB647EF7B2DF1C617F458A56CAA6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                                                        Entropy (8bit):4.594776627495051
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:haWWNv/jzSEYtq2dE1cxy8ON0Qsk96sPb1V5rxg0XWr:g1NvbaG1cxy8ONHskdD5rxg0XWr
                                                                                                                                                                                                                                                                        MD5:B60817A69E314B22F746917C826DA53E
                                                                                                                                                                                                                                                                        SHA1:7D2785A6D1A53A0717C986B959AF67DE6F9300E4
                                                                                                                                                                                                                                                                        SHA-256:6E58D86C42B61226DD7AF35D7C9432CE6F0982D1D0D5A2F4120E8ABC5C787A02
                                                                                                                                                                                                                                                                        SHA-512:9A8F029329CE105B3F72FEE623E3AB8C88E1AF45F86FAB61F81BE418B2D70F83E4C0466010D312240A01E1EF8F9B9926EBF43E25BDC3C364C2D28AB9B0E5F6FC
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.717379118116406
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:NIY1nlNKGnxGxIDx+sQ0Y4EQujHOVhPgdfBF3UTVV/Lea/FVgYISK+uZqiF4Afk5:NrnlNK/xIDx+sQ0Y4EQujHOVZgdBtofn
                                                                                                                                                                                                                                                                        MD5:81F5B0997E189FEC285ACD3443FD109B
                                                                                                                                                                                                                                                                        SHA1:0306EC1169E196997BF196EC985105EF1464A2C9
                                                                                                                                                                                                                                                                        SHA-256:0F4397AD0FA9627DF4B50BAEB213EDB790AAEDFC1862708B8D4D401620C6D47F
                                                                                                                                                                                                                                                                        SHA-512:156F7082E24FB87765F83859834DA4027AB473821B7E39C92E206D0F1DF827EA17F243A913C5FFC890ECB7506BA4A7E28986272A988A38D05619C7034B329ADB
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.728117001174555
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:xIY1nlNKGnxOu7xKgUOVBQ6Bo19sPzPLegs8+3vCqV/LMa/FVKYIS+9wOTKQiF4I:xrnlNKNu7xKgUOVBQ6Bo19sPTLM80aol
                                                                                                                                                                                                                                                                        MD5:2955126EC370BB65EE76E53DCF1FBCDC
                                                                                                                                                                                                                                                                        SHA1:CFFCC8D9D2414863FD45DA41F03030878A7F8769
                                                                                                                                                                                                                                                                        SHA-256:A5FE29467CFE179EFA29C1A4C1DC39247517150E734ACB20AB29C3FF817CCD3B
                                                                                                                                                                                                                                                                        SHA-512:56F6164D09BACA5D86844D126BF557410F15B442D43DD072A102F78BC02192F2ED734012BB1127DD09C0821115DECB6E6B3E0BB637423FEBE7069BA8BF275617
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.725154076738642
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:9IY1nlNKGnxOu7xKgUOVBQ6Bo19sPzPLegs8+3vCqV/LMa/FVKYIS+9wOTKQiF4U:9rnlNKNu7xKgUOVBQ6Bo19sPTLM80ao5
                                                                                                                                                                                                                                                                        MD5:ABE4A7998F99C8BDD303BE6AB09DC20A
                                                                                                                                                                                                                                                                        SHA1:577A7FDC5DBBF1BC231C8665603F48C15E674EDD
                                                                                                                                                                                                                                                                        SHA-256:DC166EA7286C26BE2CCF0A44677F228B660BFB6D9DD4C78FE0409B08327536DF
                                                                                                                                                                                                                                                                        SHA-512:B28AB5F36736AEDCCE65099734813E3260D95908EF457F67AAB96089EC3D50E2FA0562EC1454E4E1320433B50847001909E28F27AE87C3A7CBE66ABC24A5FD75
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.785865587531196
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:kdIY4puUhG9oHusJxWgAm/45t6lSertHPHrgCs324VfosqPXMdEqljSNPEinIOBZ:CapuUhg7sJxWgAm/45t6lSertvHrDapG
                                                                                                                                                                                                                                                                        MD5:5F6E31693AFF46FBDBCA6AABC5ED7E40
                                                                                                                                                                                                                                                                        SHA1:D1460A56FD08C8EE10D6E4E470B72BB53D3955A8
                                                                                                                                                                                                                                                                        SHA-256:31AA8F7D10891DB8188A5FB8999EE0CB8564253D8C91A39EC432764011BF42C8
                                                                                                                                                                                                                                                                        SHA-512:CDBD5C9C488BF31C0C8F772819D41E36546F8CAA7E0AB75281DAF59C401A60629DF00F1D6C85FB396A6FC1610AD5C24F17D2436397688E348FB55C312428E7B8
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):14336
                                                                                                                                                                                                                                                                        Entropy (8bit):4.949048788389918
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:NZ2vdzqaLxW8w5/EtHjl+dbA5eI00QF7jiS58U:3aL88/sd0QF7jiS58U
                                                                                                                                                                                                                                                                        MD5:566A9E0CEEA6C3CBF82B05C4F8470C27
                                                                                                                                                                                                                                                                        SHA1:C24F42AE5FC9A326B6526557501EA98150409F85
                                                                                                                                                                                                                                                                        SHA-256:CFB04DD1A62A3C5FE6D9AE898DF507B7567ABEEE7C871FA9AAD1A0D2475968AD
                                                                                                                                                                                                                                                                        SHA-512:ABA8482414B1D98313D37C58C4D19D7D197A440601175C9E3F1AEC5D7A86C53A43A289F843A3EFF85C0FEE043334A25E9D215A54FD4CA3DFF6E8A786E6FE85C3
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                                                                                                        Entropy (8bit):4.846136752240531
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:phbWWNv/jzSEfthb7O9JKggIOrCPPzm394in3fwB/CZPlAg1O5rxg0XWr:pN1NvbH7O9JKgglrCPChnYVC5A5rxg06
                                                                                                                                                                                                                                                                        MD5:DADE13E423762BDAE745D57CA3DC86EF
                                                                                                                                                                                                                                                                        SHA1:7B4122CBEF771C5548A7CB5641B6DB6743C8C3F6
                                                                                                                                                                                                                                                                        SHA-256:1A1D5FDAC027144BCAA0E8110F4DE717E80944420C59708B3DD8E2BD31BC7ED4
                                                                                                                                                                                                                                                                        SHA-512:77F5050BA87E8ABEB92298D16897D6CEC087FFB7B4C38442C854A0993B398DE529C15B5674ADAACFB3E39CE05165F05A38337B2DBD41E8A7D806751542F6E8D3
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.89773663933091
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:mIYK1uOKGEXJ7hxwUmX+41C/TUMZc/ZgPPInsYJNM3TPGdTzXpPbf+oBumIJMr2P:m41uOKl7hx9mX+41CLUMZc/ZOPVYJN6b
                                                                                                                                                                                                                                                                        MD5:EF403938F8FDBFB9638F378774F93D97
                                                                                                                                                                                                                                                                        SHA1:020AAD53FEB53DD763CA422CE47BC75F0A06F426
                                                                                                                                                                                                                                                                        SHA-256:EDA401DC462FAB09262874A61915D30F7721FA7F3FFCA7242461D978C54E76BA
                                                                                                                                                                                                                                                                        SHA-512:B40A0F1CC1C0C9A99FAFB1F96BF44DA543364DAB15A1BA4F564B9D3014C3031881E67700240BBD5DF280439901EE36A9345A32EC83DAED80203C115712820DB6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.769946515681843
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:NIYV7AGeXGfqyuMxUY+iZWBe2v3gW0dFgPaVCe1d3qTS3xH4q9OYtRwbHUWPsLZ4:NTAGeXyuMxUY+iZWBei3gW0dFOaEe3C5
                                                                                                                                                                                                                                                                        MD5:E3D94C18654B6E3A630A7932298E989D
                                                                                                                                                                                                                                                                        SHA1:A46151D16A43728FC905578B04C97A6034BEEC48
                                                                                                                                                                                                                                                                        SHA-256:4A6897E25BEA93BC47A166AE7C02CB2858C6399A9360F12E6EE56C4FE110B537
                                                                                                                                                                                                                                                                        SHA-512:DFCF6207F5D1EE1CA490ECE1CEFCC0B4C073A74D9E7AC0C1E865181173328421115BAB4530AF995DF2B04893C801D5F8D58B9867905FC1F59A6416E4CBFD5710
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.767196344145025
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:5IYV7AGeXGfqyuMxUY+iZWBe2v3gW0dFgPaVCe1d3qTS3xH4q9OYtRwbHUWPsLZA:5TAGeXyuMxUY+iZWBei3gW0dFOaEe3C5
                                                                                                                                                                                                                                                                        MD5:B84137A373B458BFDB8E37BF68DBC93B
                                                                                                                                                                                                                                                                        SHA1:C66FEC010EDA81A93608892749F6CA44E01828E9
                                                                                                                                                                                                                                                                        SHA-256:CC83EDEBF62A1C0F0698C97180AB13D96301C531C7270D4BDE4C43FA96129728
                                                                                                                                                                                                                                                                        SHA-512:5CEFD56822A084B7AC139A306640474FF82B106CA8088991FF58432867A405CE5091D11F465EBEA4EA1F30D102854FFA79424B0430E5BDA88FA9494FD8D23E00
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.726343979225638
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:3tIYShuTiGMuLj/kyxI0Nc/yGUbwMgWf2iPMXBSSky3WDeFzMShGOBZ7T3GyRKvL:3tUhuTiGj/HxI0Nc/yGUbwMgWf2YMXQd
                                                                                                                                                                                                                                                                        MD5:F26F586F37F77C4040A1110CD09C1A04
                                                                                                                                                                                                                                                                        SHA1:9511A7124B27AB89BDCB25F4D373CC08C25E06BC
                                                                                                                                                                                                                                                                        SHA-256:0C709CC4E21D236600DCB400713D93940BB96BFCC3BE184ABC27EAA25C50853C
                                                                                                                                                                                                                                                                        SHA-512:F48821C805E4359CD6FE1571050248DBB6496040528ECCC313C1ACC67088B91E391C412023C37E2B2F1BFFB2704EC6D25982819FF6487298E4E17EBB1F43E18B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):16896
                                                                                                                                                                                                                                                                        Entropy (8bit):4.847206773739568
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:HWmNyydz3LxBD5uSw84x/d/dfwJGTV/cEJviNhsFx55n5z5OPMuQ5m5rPzzSvooG:T7LHDFGh0EJviNhsFx55n5z5OPMuQ5mP
                                                                                                                                                                                                                                                                        MD5:912EF860F4ACB26AFA205A91956990D3
                                                                                                                                                                                                                                                                        SHA1:8DB790876785FE61D10F4E8E4D32722B5AD35679
                                                                                                                                                                                                                                                                        SHA-256:E49F80929F50C19E430352B21851F8359D7061B3EF4CDC9264BCC1BE3620B987
                                                                                                                                                                                                                                                                        SHA-512:0E89322265A7B8827302DD91DFF85E82DF7ED87FC8C1F04F2B13C23FFD8471A01CD52A172C008D0AA40288322C2F1EF2913A7039539EF5C9D9ED06F90B8D57CC
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.883497823407382
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:wIY4kciiGg/kISxvnmkYsPV+tIqMvhBhPYTua1j3SfDpu6WbyLWFTXLgNzCii7oM:wKkciiwISxvnmkYsPV+tIqMvhBZYquLt
                                                                                                                                                                                                                                                                        MD5:0082F8E3C82E3BEC8FA2EC9B8F62030A
                                                                                                                                                                                                                                                                        SHA1:BD9790D90D940DA82015B1A003DDDE0E6A814388
                                                                                                                                                                                                                                                                        SHA-256:8094AD142AB016533528ECCCEB49182D1AF3BF0BFD34DDD940F3714D7D17A145
                                                                                                                                                                                                                                                                        SHA-512:5B737D66475DC957E53A2F88CEABA78DB7D76BE7B5184B75D8516C5A97161131DDCD3130200BA0DF2C000F46658EC01A5CB2ED60A876266DB4BAC95986BD763B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):13312
                                                                                                                                                                                                                                                                        Entropy (8bit):5.077789016416725
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:tTp4EAT1bY2bx1CxHdO35YFInizzX83tNeRFYMvF2Mr58N:CblbzC5jmtNeRN2y58N
                                                                                                                                                                                                                                                                        MD5:E224E6925C4274296BA7BEC71FF953A4
                                                                                                                                                                                                                                                                        SHA1:1BF409839D76EDB70B88426AC2C17106105EA3C9
                                                                                                                                                                                                                                                                        SHA-256:8CC2EAE4D338CC29846144136702F717E1379468A07919975FE6EEEB9007C558
                                                                                                                                                                                                                                                                        SHA-512:DAFABB12F383BD99CF0D1F1BD949CEE2F922C6CB03FFA51CD5583E45B2FF6B79C7B88B26CCD5E8DC0873388B7C61DE39DE968FC8E4A3E8B63C3B3D94711AC309
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9728
                                                                                                                                                                                                                                                                        Entropy (8bit):4.701646036890297
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:HWWNv/jzSEhtiBbSEmfO2mdqeCtzEc6yCPVDA1L5rxg0XWr:H1NvbcbSEm22mdqet+wh25rxg0XWr
                                                                                                                                                                                                                                                                        MD5:3CEFEC17BAAC089C54C8102A4CFD160C
                                                                                                                                                                                                                                                                        SHA1:A54CD9BD4181A591937A99BE88BEB006279837DE
                                                                                                                                                                                                                                                                        SHA-256:AAFBE48966DBC5372A308AB9501245CE261D2715F336AD1908C799D354C981A2
                                                                                                                                                                                                                                                                        SHA-512:2D45193662C7CE2854CE2D3EE53AE199E094D09BC76D8D8A8E36B24EA60400A5F064CA16CE0078FE6CBDF4117C22565C04E47B99CD99868254C915DB6D18700F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):11776
                                                                                                                                                                                                                                                                        Entropy (8bit):5.080167063477581
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:IIYXbXbaQGf0wwrCwYxzJSKqdy6eY5R6Q3Pyt7g0mY3IC1wx+bDqhbXpVuieenT1:IRbXbaQixwYxzJSKqdy6eY5Rt/A7c+hS
                                                                                                                                                                                                                                                                        MD5:93DDE9DE1910EC7C10CAF6A2A950E6E6
                                                                                                                                                                                                                                                                        SHA1:D9E977B3153676C2422374AD1D314046E1318806
                                                                                                                                                                                                                                                                        SHA-256:597FC5D537F33A564CDB2D467D2F588CA25954D6E758316D4911CA97C2A1A7CA
                                                                                                                                                                                                                                                                        SHA-512:300B6B873CF5C5487AD813D27823B4E899DA49342DB6F83FC0D23919A629AAAEC53334DAD63BEEBAD4D92372A76636F8069CF054D08C755A4C7CE76AA07C65D2
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):9728
                                                                                                                                                                                                                                                                        Entropy (8bit):4.728551774224484
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:JWWNv/jzSEhtimYtEq40uI7Sr2fqmxkNeo7R7L7c7xM757odHK9nPol1f5rxg0Xq:J1NvbOtEq40uYSatEdHwWloA9Pk5rxgJ
                                                                                                                                                                                                                                                                        MD5:833F269BA6F0C34F49273DA7FBD7DCE7
                                                                                                                                                                                                                                                                        SHA1:D0253D322DCDF7F54E37C7E8911A8B77670D2967
                                                                                                                                                                                                                                                                        SHA-256:F8C769A357E6CD27452835E5288FE515FB50BFEEC83EF3969975171174B467E5
                                                                                                                                                                                                                                                                        SHA-512:4FA315E23D985AFFB46F6536CDF2DDC1B882F47098EE2D5A4B954DDEEB8904D1C83182B1598E4948A59728339945307B699A147ECD813C0F91986D95BDC57184
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):11776
                                                                                                                                                                                                                                                                        Entropy (8bit):5.067541414141853
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:oIY26Y9TGjEWVWxzJS9gSKiLHQhcScP/yggS2w3tWGPO4JRy0ty6WGbdIY9MAFXx:ow6Y9TEVWxzJS9gSKiLwhcSSqgwmMGxp
                                                                                                                                                                                                                                                                        MD5:142024ABF19A89ED6DF37C56CE927361
                                                                                                                                                                                                                                                                        SHA1:B818199BB5D275F7E583D9E20F99CF7A393ED226
                                                                                                                                                                                                                                                                        SHA-256:9678E0D14BAC32C77BAAE8A4B697051E3ADE12B91278D7B01FDA00ED471167E4
                                                                                                                                                                                                                                                                        SHA-512:0FF2F4570F35DF7B44901E982D3D15FA1DA6D8D41EB6D98B8ECCB920A8345ACB5A2E89D400F6AC1DD0DF3DD0F70CD1FD4AD38DD4B613F7E72D07D49F7E045C33
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1120648
                                                                                                                                                                                                                                                                        Entropy (8bit):6.282495231593689
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:nAIzN9/YaT6MIQtZM1A0+Nwhq3drYozTW0fbcIQTPFdWHJLKe:AIzNpG061A0ue8lYozK0fbNpNKe
                                                                                                                                                                                                                                                                        MD5:C7FE1EB6A82B9FFAAF8DCA0D86DEF7CA
                                                                                                                                                                                                                                                                        SHA1:3CD3D6592BBE9C06D51589E483CCE814BAB095EE
                                                                                                                                                                                                                                                                        SHA-256:61D225EEFB7D7AF3519A7E251217A7F803A07A6DDF42C278417C140B15D04B0B
                                                                                                                                                                                                                                                                        SHA-512:348A48B41C2978E48DDBEB8B46AD63EF7DDE805A5998F1730594899792462762A9EEE6E4FE474389923D6B995ECA6518C58563F9D1765087B7AC05CE2D91C096
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):160016
                                                                                                                                                                                                                                                                        Entropy (8bit):6.4048842736009
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:S6lrh8aWSI9uVDeMWoWVy5zmndQ1dTZjxO3S/9FVkmiGUV+fS:S6lrhISL9e1oWE56ndQ19aY9Fjs2S
                                                                                                                                                                                                                                                                        MD5:F5CF4F3E8DEDDC2BF3967B6BFF3E4499
                                                                                                                                                                                                                                                                        SHA1:0B236042602A645C5068F44F8FCBCC000C673BFE
                                                                                                                                                                                                                                                                        SHA-256:9D31024A76DCAD5E2B39810DFF530450EE5A1B3ECBC08C72523E6E7EA7365A0B
                                                                                                                                                                                                                                                                        SHA-512:48905A9FF4A2EC31A605030485925A8048E7B79AD3319391BC248F8F022813801D82EB2FF9900EBCB82812F16D89FDFF767EFA3D087303DF07C6C66D2DCB2473
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsAtom.dll, Author: Joe Security
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):170328
                                                                                                                                                                                                                                                                        Entropy (8bit):6.47551843695429
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:XR761d9cCg9+zhOzcx9R0KvvvvnPPH6Gi5tPArrYeiYiPKiF15fJ2K/Krrii555z:81TcpihOk0KvvvvnPPH6Gi5tPArrYeiG
                                                                                                                                                                                                                                                                        MD5:72689B177CD84AE5260532F5C7A10EBD
                                                                                                                                                                                                                                                                        SHA1:4129FBAB0F99F8420F25D772D2D62A26B1FADB3C
                                                                                                                                                                                                                                                                        SHA-256:062FD8045911EAAB4B5F505DADE6C0E23E6200C1AC1FDB86EA73E69AB801E037
                                                                                                                                                                                                                                                                        SHA-512:8649EB139AE3B695463210EA2E6061C35CD3580C0AD6A5D2D859835255DD6ACD334D791BFCC0D00D1B60573960C91C29009F3325EB8B37DACFBB7CEF401EC4EE
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsDatabase.dll, Author: Joe Security
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):223016
                                                                                                                                                                                                                                                                        Entropy (8bit):6.7884547646820765
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:cBuq5tonhw9PY+fAKul0ZJXY9ooyJtTsbbiRl7m76m/GS+KKeA4dtrSsQDZ:VqDOhw9PY+4Zl0ZFY9ooyUbc3Kc4dtaF
                                                                                                                                                                                                                                                                        MD5:927934736C03A05209CB3DCC575DAF6A
                                                                                                                                                                                                                                                                        SHA1:A95562897311122BB451791D6E4749BF49D8275F
                                                                                                                                                                                                                                                                        SHA-256:589C228E22DAB9B848A9BD91292394E3BEF327D16B4C8FDD1CC37133EB7D2DA7
                                                                                                                                                                                                                                                                        SHA-512:12D4A116AEE39EB53A6BE1078D4F56F0EBD9D88B8777C7BD5C0A549AB5CFF1DB7F963914552EF0A68FF1096B1E1DC0F378F2D7E03FF97D2850CA6B766C4D6683
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsJSON.dll, Author: Joe Security
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):181184
                                                                                                                                                                                                                                                                        Entropy (8bit):6.53382578985949
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:+0AqxqD7b0Qv6wIMCP1Yr+Xle9WQJTrz96JiBRqMadYMBpCA5LH3wjg:NRkD/0Q7IMCP3ePOUBRqKep5jZ
                                                                                                                                                                                                                                                                        MD5:F55948A2538A1AB3F6EDFEEFBA1A68AD
                                                                                                                                                                                                                                                                        SHA1:A0F4827983F1BF05DA9825007B922C9F4D0B2920
                                                                                                                                                                                                                                                                        SHA-256:DE487EDA80E7F3BCE9CD553BC2A766985E169C3A2CAE9E31730644B8A2A4AD26
                                                                                                                                                                                                                                                                        SHA-512:E9B52A9F90BAECB922C23DF9C6925B231827B8A953479E13F098D5E2C0DABD67263EEECED9A304A80B597010B863055F16196E0923922FEF2A63EB000CFF04C9
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsLogger.dll, Author: Joe Security
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):261232
                                                                                                                                                                                                                                                                        Entropy (8bit):6.520670838166452
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:L4TddrmwvYlpI+JxFKb708NFR75vp+uvewjLbqzm9iVkW:Ud8HI+DW75Hmwnlip
                                                                                                                                                                                                                                                                        MD5:FA4E3D9B299DA1ABC5F33F1FB00BFA4F
                                                                                                                                                                                                                                                                        SHA1:9919B46034B9EFF849AF8B34BC48AA39FB5B6386
                                                                                                                                                                                                                                                                        SHA-256:9631939542E366730A9284A63F1D0D5459C77EC0B3D94DE41196F719FC642A96
                                                                                                                                                                                                                                                                        SHA-512:D21CF55D6B537EF9882EACD737E153812C0990E6BDEA44F5352DFE0B1320E530F89F150662E88DB63BEDF7F691A11D89F432A3C32C8A14D1EB5FC99387420680
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):814440
                                                                                                                                                                                                                                                                        Entropy (8bit):6.475738224302649
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:LkaJoYf9Z+uUMidkp22We0cRxoJy5DPbTtsqq5dlgM7qcNmP1bGq06ZIEUKth1OH:JJll87GY2q61llaOZBjKt5qq4i
                                                                                                                                                                                                                                                                        MD5:CC7167823D2D6D25E121FC437AE6A596
                                                                                                                                                                                                                                                                        SHA1:559C334CD3986879947653B7B37E139E0C3C6262
                                                                                                                                                                                                                                                                        SHA-256:6138D9EA038014B293DAC1C8FDE8C0D051C0435C72CD6E7DF08B2F095B27D916
                                                                                                                                                                                                                                                                        SHA-512:D4945C528E4687AF03B40C27F29B3CBF1A8D1DAF0EE7DE10CD0CB19288B7BC47FAE979E1462B3FA03692BF67DA51AB6FA562EB0E30B73E55828F3735BBFFFA48
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):132112
                                                                                                                                                                                                                                                                        Entropy (8bit):6.108992422954668
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:SWGjyLgosGplJLT7AwoTFGmrY6sWGGHyj:SwgBGplJX7AHGm8UI
                                                                                                                                                                                                                                                                        MD5:167B304C9C615BE2852AC0BEF86E6F15
                                                                                                                                                                                                                                                                        SHA1:7C38A8AF0DE07B41D5E5AF771274B0D46B87B0E0
                                                                                                                                                                                                                                                                        SHA-256:6D5EA04F978E429C5CF0065A213BF28D8AF36540493C6564218EA51B0D5B961D
                                                                                                                                                                                                                                                                        SHA-512:557CF71B939D5F388E17B432DB5D2A15EDE76E6ABCF0476B985BBA0DE4FC22CB130A1A240FE92F41DE03B60E7EDBC9445BE2461079E28EBE985FF523B32EB456
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\7zS83DA393F\rsTime.dll, Author: Joe Security
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):269016
                                                                                                                                                                                                                                                                        Entropy (8bit):5.638348013030407
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:99jevmK0U7H/cF9P/V+FKDe/HfETJBLqw+foMCsbpM9NV:3FK0U7HkF9HVpe/HfASJCr9j
                                                                                                                                                                                                                                                                        MD5:772E66BF2ED9CA8F60C413576B9BFBA0
                                                                                                                                                                                                                                                                        SHA1:91A274E4B66966EB5D036835F8C99FFCD3E74F35
                                                                                                                                                                                                                                                                        SHA-256:C3A505A0BF9BB525DCFE981A5CB60D3B4DC4163F1A1179AA55DDB66E569CF2CB
                                                                                                                                                                                                                                                                        SHA-512:D3C5742FA5F0E663DF7809288B3159465323B9F8942EA684CAA1B98C912245C151E9F1C909129AB3EAFD5F6282B2B4C0BB983E929E945AA92EB6BC506CD19787
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):332568
                                                                                                                                                                                                                                                                        Entropy (8bit):5.000961772420698
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:sbjak9Kn0bnccfHyeL+FRexTh6z6ryBLqB9fbUD6y9lvQzJLEX48:GdKn0bnfPjL1xTh6zub1QD3leLEI8
                                                                                                                                                                                                                                                                        MD5:8157D03D4CD74D7DF9F49555A04F4272
                                                                                                                                                                                                                                                                        SHA1:EAE3DAD1A3794C884FAE0D92B101F55393153F4E
                                                                                                                                                                                                                                                                        SHA-256:CDF775B4D83864B071DBCFEED6D5DA930A9F065919D195BB801B6FFAF9645B74
                                                                                                                                                                                                                                                                        SHA-512:64A764068810A49A8D3191BC534CD6D7031E636AE306D2204AF478B35D102012D8C7E502ED31AF88280689012DC8E6AFD3F7B2A1FE1E25DA6142388713B67FA7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):201880
                                                                                                                                                                                                                                                                        Entropy (8bit):6.4046209284871525
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:O9jevmK0U7H/cF9P/V+FKDe/HfETJBLqU+foMCdEiBhGo:eFK0U7HkF9HVpe/HfA6JCdEid
                                                                                                                                                                                                                                                                        MD5:410D4E81BE560D860339E12AC63ACB68
                                                                                                                                                                                                                                                                        SHA1:06A9F74874C76EBA0110CDD720DD1E66AA9C271A
                                                                                                                                                                                                                                                                        SHA-256:E4A8D1E07F851BE8070DD9B74255E9DD8B49262C338BFB6EF1537EDD8F088498
                                                                                                                                                                                                                                                                        SHA-512:4BBFFEEF276CE9B8FDD6D767BA00066309EEE0F65E49CEA999D48D1E8688C73D7011ED1301A668C69814457CAAD3981167A1E3FE2021329DD8FC05659103FB3A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
                                                                                                                                                                                                                                                                        File Type:MSVC .res
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):652
                                                                                                                                                                                                                                                                        Entropy (8bit):3.1348500391419742
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:DXt4Ii3n6E+AHia5YA49aUGiqMZAiN5rryiLak7Ynqq3kPN5alq5e:+Ro+ycuZhNjakS0PN8qM
                                                                                                                                                                                                                                                                        MD5:402D3DD4EA8B4B15FB702495BE31398E
                                                                                                                                                                                                                                                                        SHA1:73D946EC4CD69F834D60E479A765722A5340AD93
                                                                                                                                                                                                                                                                        SHA-256:BDFB5B22CD3EE8FA23DA87D4E890714C1F18EC08156C51CDFF7196B056706042
                                                                                                                                                                                                                                                                        SHA-512:036F8BB42323DCA00559BB28443E125AB3CA3F602E6D17E92930505616B86C41898E54E645C5329E797023D75FE37BF680500B16C701133FBA248468BC47375C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....1...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...f.3.i.l.h.y.3.j...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...f.3.i.l.h.y.3.j...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...1...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...1...0...0...0...
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3008008, page size 1024, file counter 1, database pages 10, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                                                        Entropy (8bit):1.6211119274023298
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:ri4sWLMSpHJCSHBv52qolhdQZSRmAH/0UkEvWTtSDGsWLMSpHJCSHBv52qolhdQU:3s6pHj55XQp8UkEESSs6pHj55XQZ
                                                                                                                                                                                                                                                                        MD5:551F7A35DEC7A2436EFA7181DF0F5DB4
                                                                                                                                                                                                                                                                        SHA1:38EEA293AB5906FEAD7DF8351863FD75171F864E
                                                                                                                                                                                                                                                                        SHA-256:9F5C71448B5A562560E138BA873E4D827DA45C83745E570FD40DF43D4BEC56D6
                                                                                                                                                                                                                                                                        SHA-512:CE47D79874F71FED3B9930717A8BD2B827DCD6F8CD1D1DE7E1B913D69C9DFC050B6314538A0AEF88A3F89ADC78CE1E5C55A8661395E1AF373DE34C296093271F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ .........................................................................-....................._....................................................................................................................................................................................../...C...indexsqlite_autoindex_elements_1elements.[...!!...indexnamelookupstructures.CREATE INDEX namelookup on structures(moduleid, tablename).F...!!..Wtablestructuresstructures.CREATE TABLE structures(moduleid INTEGER NOT NULL, typeid INTEGER NOT NULL, tablename varchar(255) NOT NULL, length INTEGER NOT NULL, PRIMARY KEY (moduleid, typeid))3...G!..indexsqlite_autoindex_structures_1structures.P...++.Ytablesqlite_sequencesqlite_sequence.CREATE TABLE sqlite_sequence(name,seq).>.......Stablemodulesmodules.CREATE TABLE modules(moduleid INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, modulename varchar(255) NOT NULL, timestamp int NOT NULL, UNIQUE (modulename, timestamp))-...A...indexsqlite_autoind
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
                                                                                                                                                                                                                                                                        File Type:SQLite Rollback Journal
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                                                        Entropy (8bit):0.28499812076190567
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:7FEG2l/hSlltFlxll:7+/l/hS/
                                                                                                                                                                                                                                                                        MD5:A4380888B3322C22F7A3FE27BD9B4589
                                                                                                                                                                                                                                                                        SHA1:F74C8867FDEABDB23527AB2CE90B3AF5D7D99F95
                                                                                                                                                                                                                                                                        SHA-256:E3FDBB98386C9EDF1027D7098E34F06D8783729066F474B4195955251FC9C34F
                                                                                                                                                                                                                                                                        SHA-512:1CB40B3DD55C27206F073FEF8EEBDE4787120F294C119757AE9E382CB7A56026F9606463E74FD47B0226B2C293A47372593B401DBEA032AFF155B7F7FC0D7BF9
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):30
                                                                                                                                                                                                                                                                        Entropy (8bit):3.8280729963885096
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:XlhDM8FGQEmB:vDHUmB
                                                                                                                                                                                                                                                                        MD5:826273A91309B13197041791BA18034C
                                                                                                                                                                                                                                                                        SHA1:C1D7C61766E2CC7C8F4FC156C0F002017EB73721
                                                                                                                                                                                                                                                                        SHA-256:4876AAF849BBFBE676C85E6F9A2D842C5EC7D2BC6078302956101030F155A7EE
                                                                                                                                                                                                                                                                        SHA-512:835A3F71D485E690A13945F3D5EB71FB507B07EB18E0288548569C953AB2EB59211696FFA87CE8A7481DF929B3277DEA1FBD0495FE771994B1D2F3E4869FB9DD
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:....This file can be recreated
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
                                                                                                                                                                                                                                                                        File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols, created Sat Jul 27 22:25:37 2024, 1st section name ".debug$S"
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1196
                                                                                                                                                                                                                                                                        Entropy (8bit):3.6549651256985323
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:HcMJ9Ye8wZkdwZHd0UnhKLo+ycuZhNjakS0PN8qGtd:We8wZkdwZ9/nhKLVulja3UFGH
                                                                                                                                                                                                                                                                        MD5:8778590FBCBB586902F6529FDBEF8194
                                                                                                                                                                                                                                                                        SHA1:A53DE6B7A88C9619DFE53A69FF64F09624AD686F
                                                                                                                                                                                                                                                                        SHA-256:01D84AD1247C57D7A83A3AA8037DB48A35A1DAC64AFA5F7FB45BE991E9D93FD4
                                                                                                                                                                                                                                                                        SHA-512:2E78145BC9A4B309A938F5F8789772DEA542EE202F8FAD21B50C56B140AD3C5FF09A3D64BC269BBD608ACDC47A65FD2637455EBA610B6DD2793D5AEE112880A5
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2366456
                                                                                                                                                                                                                                                                        Entropy (8bit):7.412019243226958
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:49152:UfH6zTpzzrjEEiNjbBnfnsKm8Igo+tDO6admDTDj:A6nxbqFnIdmS50PDj
                                                                                                                                                                                                                                                                        MD5:6613E98A6EFF88810424C120EA6901E8
                                                                                                                                                                                                                                                                        SHA1:DEF8283DC3BE0ED2A294B39811275B07A509C96F
                                                                                                                                                                                                                                                                        SHA-256:2DEF27D493717A7EA38A7565DB03F50215763B8CFE05E821B358D61DF2E95185
                                                                                                                                                                                                                                                                        SHA-512:A4C6D2DF297B0DB94B1F966D6B62935A72E0C2E1EE6EF7D42DE2C705F7A648BF47A1E5EE5037BC35B53F327B2F0CBBF36BD526B8BA4921B031FBD2290CD7B257
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\WeatherZero\WeatherZero.exe
                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):21196
                                                                                                                                                                                                                                                                        Entropy (8bit):4.621163126493091
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:Fb/klKRnWh5mbyV/Z0TAFyeda+1qRzXd/ceB8wqp48/zc8z:1cmRO/NfqRRceB8wqp48/zc8z
                                                                                                                                                                                                                                                                        MD5:E9AEF2DDF04B3A404B79E36A6EE8080E
                                                                                                                                                                                                                                                                        SHA1:656255902D018E7FD77BA5C7A752977AB66581A3
                                                                                                                                                                                                                                                                        SHA-256:E24FCBFDC73B76213CBDC309A1952C191A4B052D49193F72572B1634BE057D15
                                                                                                                                                                                                                                                                        SHA-512:80CF41AFF53B49CCA964CD3A32B2E89476D38869901148C1DA2D2F05E1C9EB1FCE175E0D885368952F43A07F77AE3D8C4858D1D6B932D53E0BBC300639686B28
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("1.0.0.0")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterWFSettings : System.Xml.Serialization.XmlSerializationWriter {.... public void Write5_WFSettings(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"WFSettings", @"");.. return;.. }.. TopLevelElement();.. Write4_WFSettings(@"WFSettings", @"", ((global::WeatherZero.WFSettings)o), true, false);.. }.... void Write4_WFSettings(string n, string ns, global::WeatherZero.WFSettings o, bool isNullable, bool needType) {.. if ((object)o == null) {.. if (isNullable) WriteNullTagLiteral(n, ns);.. return;..
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\WeatherZero\WeatherZero.exe
                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (398), with no line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):401
                                                                                                                                                                                                                                                                        Entropy (8bit):5.5819495386776365
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:p3rfyAlvBvgOknoT7z5dwZb2rHc9ow16PlwZbL:VLyfOkn8zjwZbAW1clwZbL
                                                                                                                                                                                                                                                                        MD5:30AE704F2B89A1D023D9F4802F797098
                                                                                                                                                                                                                                                                        SHA1:3A0AE1E93AA414F626602B364889AC7814DE14CC
                                                                                                                                                                                                                                                                        SHA-256:3705CA9B541FC149C6839BD10D63CD89C5A565F30D46EF4AD1A86B4F6956E8DC
                                                                                                                                                                                                                                                                        SHA-512:E98D1BAE7E6FBBF9E91673C8EDC4D9696E4AD2DB9C0CE1E6AC4FC30241AD11A14771D6E1D8D8AC273873F457BF7F59F9AEADEA3C69643BB03712BD15544651F3
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:./t:library /utf8output /R:"C:\Program Files (x86)\WeatherZero\WeatherZero.exe" /R:"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /out:"C:\Users\user\AppData\Local\Temp\f3ilhy3j.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\f3ilhy3j.0.cs"
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                        Entropy (8bit):4.9030477735077955
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:gFMuSDpPn4x3i9k2XMIczjMcOAmRXryOKVRYX82/cCEOh:FuSlP4D2cIxHePYM9CTh
                                                                                                                                                                                                                                                                        MD5:C647BAFA1A745F39F3BAF5E79E734024
                                                                                                                                                                                                                                                                        SHA1:60435E36806E8C28194BC922C0D4FC5ED204323C
                                                                                                                                                                                                                                                                        SHA-256:4B65F0E20B927AFC6DF7FE0F89B9E313A983D951D5F70B505C6ADDD861CF603D
                                                                                                                                                                                                                                                                        SHA-512:8B002D94B60F89232A6E6F1342DB6034FCDD29FA1D77BAB1BE0C45DDD62CC0429A13E402C0403E6B99282810767644A2DFFC50A267F770ABA438476026A2323F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\WeatherZero\WeatherZero.exe
                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (475), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                        Size (bytes):682
                                                                                                                                                                                                                                                                        Entropy (8bit):5.5943822857124665
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:xKnzR3rfyAlvBvgOknoT7z5dwZb2rHc9ow16PlwZbKKai3SGzKIMBj6I5BFR5y:AnzdLyfOkn8zjwZbAW1clwZbKKai3SGX
                                                                                                                                                                                                                                                                        MD5:CD99010688199BBBDF13015652BAC08A
                                                                                                                                                                                                                                                                        SHA1:0B141DCCB8C4A556C89FD2C8A5740F8FE3DF05E2
                                                                                                                                                                                                                                                                        SHA-256:4C399A2C80174AD61EF040307C3A792F1D4AF0149DBC006B5A2CB9033941FDAF
                                                                                                                                                                                                                                                                        SHA-512:FB80158F004A8B8CEC741EE80B65AF9012892ED61026D55E9E0C9CC6D3C9B52DC5869687F99A42F61F2642FF7ADD8672C373D77B0903778302E4048E7EAA5A78
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.C:\Windows\system32> "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\WeatherZero\WeatherZero.exe" /R:"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /out:"C:\Users\user\AppData\Local\Temp\f3ilhy3j.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\f3ilhy3j.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....
                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3014144
                                                                                                                                                                                                                                                                        Entropy (8bit):6.393837791441553
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:49152:fLJwSihjOb6GLb4SKEs3DyOMC2DlUt0+yO3A32ASNTvu:dwSi0b67zeCzt0+yO3kS
                                                                                                                                                                                                                                                                        MD5:C47A946F3D41363C77CA4C719516E49B
                                                                                                                                                                                                                                                                        SHA1:01CB165E95FB6590F66673D25917B838C847BA8B
                                                                                                                                                                                                                                                                        SHA-256:32361DA66CBEDF8AC39A309427A132A1927350A38F1BC3F32F0EA78562B24848
                                                                                                                                                                                                                                                                        SHA-512:4520A1BF4754DCE663EE038FF34DE33B9BC73CDB93E3CB7674BBBC9096002664EDD6ADEE6257677277C6FDF48418BDECFB26C26D113E241EAB0A621A9A1888D7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3223968
                                                                                                                                                                                                                                                                        Entropy (8bit):6.338087367720092
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:49152:vdx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEjT333TYfx:0HDYsqiPRhINnq95FoHVBT333T+
                                                                                                                                                                                                                                                                        MD5:9AA2ACD4C96F8BA03BB6C3EA806D806F
                                                                                                                                                                                                                                                                        SHA1:9752F38CC51314BFD6D9ACB9FB773E90F8EA0E15
                                                                                                                                                                                                                                                                        SHA-256:1B81562FDAEAA1BC22CBAA15C92BAB90A12080519916CFA30C843796021153BB
                                                                                                                                                                                                                                                                        SHA-512:B0A00082C1E37EFBFC2058887DB60DABF6E9606713045F53DB450F16EBAE0296ABFD73A025FFA6A8F2DCB730C69DD407F7889037182CE46C68367F54F4B1DC8D
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):6144
                                                                                                                                                                                                                                                                        Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                                                                        MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                                                                        SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                                                                        SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                                                                        SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):27406384
                                                                                                                                                                                                                                                                        Entropy (8bit):7.993410954401878
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:786432:37YPcmlabhBx9CrdUxTvngF7oUNUQWQu7pquEKLR:rGTabv+CVYhoLXQ8BR
                                                                                                                                                                                                                                                                        MD5:E0F666FE4FF537FB8587CCD215E41E5F
                                                                                                                                                                                                                                                                        SHA1:D283F9B56C1E36B70A74772F7CA927708D1BE76F
                                                                                                                                                                                                                                                                        SHA-256:F88B0E5A32A395AB9996452D461820679E55C19952EFFE991DEE8FEDEA1968AF
                                                                                                                                                                                                                                                                        SHA-512:7F6CABD79CA7CDACC20BE8F3324BA1FDAAFF57CB9933693253E595BFC5AF2CB7510AA00522A466666993DA26DDC7DF4096850A310D7CFF44B2807DE4E1179D1A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):75974
                                                                                                                                                                                                                                                                        Entropy (8bit):7.973739579566582
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:cyfQCzB7fBVwtW5EGtWO7Cemktbbv36SEOW9izF:cyfJ/2WXz7Fbbf61OW9aF
                                                                                                                                                                                                                                                                        MD5:CD09F361286D1AD2622BA8A57B7613BD
                                                                                                                                                                                                                                                                        SHA1:4CD3E5D4063B3517A950B9D030841F51F3C5F1B1
                                                                                                                                                                                                                                                                        SHA-256:B92A31D4853D1B2C4E5B9D9624F40B439856D0C6A517E100978CBDE8D3C47DC8
                                                                                                                                                                                                                                                                        SHA-512:F73D60C92644E0478107E0402D1C7B4DFA1674F69B41856F74F937A7B57CEAA2B3BE9242F2B59F1FCF71063AAC6CBE16C594618D1A8CDD181510DE3240F31DFF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):30586
                                                                                                                                                                                                                                                                        Entropy (8bit):7.919646221064304
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:Fk7fJC9WjOI1DaGmnitN039DODp56Ys+9S/IUM+:FktpB4FiQ3qd9S/BN
                                                                                                                                                                                                                                                                        MD5:9AC6287111CB2B272561781786C46CDD
                                                                                                                                                                                                                                                                        SHA1:6B02F2307EC17D9325523AF1D27A6CB386C8F543
                                                                                                                                                                                                                                                                        SHA-256:AB99CDB7D798CB7B7D8517584D546AA4ED54ECA1B808DE6D076710C8A400C8C4
                                                                                                                                                                                                                                                                        SHA-512:F998A4E0CE14B3898A72E0B8A3F7154FC87D2070BADCFA98582E3B570CA83A562D5A0C95F999A4B396619DB42AB6269A2BAC47702597C5A2C37177441723D837
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):48743
                                                                                                                                                                                                                                                                        Entropy (8bit):7.952703392311964
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:RtwR1Dy4rQznr1GYfvLn6froelhVNSyCPtSOeVlTTqYueg:zwR1DybhPwhvSyClSOk/geg
                                                                                                                                                                                                                                                                        MD5:4CFFF8DC30D353CD3D215FD3A5DBAC24
                                                                                                                                                                                                                                                                        SHA1:0F4F73F0DDDC75F3506E026EF53C45C6FAFBC87E
                                                                                                                                                                                                                                                                        SHA-256:0C430E56D69435D8AB31CBB5916A73A47D11EF65B37D289EE7D11130ADF25856
                                                                                                                                                                                                                                                                        SHA-512:9D616F19C2496BE6E89B855C41BEFC0235E3CE949D2B2AE7719C823F10BE7FE0809BDDFD93E28735B36271083DD802AE349B3AB7B60179B269D4A18C6CEF4139
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):6144
                                                                                                                                                                                                                                                                        Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                                                                        MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                                                                        SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                                                                        SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                                                                        SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):37888
                                                                                                                                                                                                                                                                        Entropy (8bit):6.216405702855349
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:kyNq+QWR4gxSUzF08/zFlKcLdQxNld36fJPHw5g4wT1C:jNq+Qw0+JLAqf9Hw5C1C
                                                                                                                                                                                                                                                                        MD5:67965A5957A61867D661F05AE1F4773E
                                                                                                                                                                                                                                                                        SHA1:F14C0A4F154DC685BB7C65B2D804A02A0FB2360D
                                                                                                                                                                                                                                                                        SHA-256:450B9B0BA25BF068AFBC2B23D252585A19E282939BF38326384EA9112DFD0105
                                                                                                                                                                                                                                                                        SHA-512:C6942818B9026DC5DB2D62999D32CF99FE7289F79A28B8345AF17ACF9D13B2229A5E917A48FF1F6D59715BDBCB00C1625E0302ABCFE10CA7E0475762E0A3F41B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 768 x 768, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):264312
                                                                                                                                                                                                                                                                        Entropy (8bit):7.933893788279908
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:28uJEU4QOgo51V0XxDvBpIPR4kYSvGXP/ooOj5dOqhKpcVnJS4LcWTD:RuJNur+XxDvBpIPSkYSvYP/6DVECVncW
                                                                                                                                                                                                                                                                        MD5:6B7CB2A5A8B301C788C3792802696FE8
                                                                                                                                                                                                                                                                        SHA1:DA93950273B0C256DAB64BB3BB755AC7C14F17F3
                                                                                                                                                                                                                                                                        SHA-256:3EED2E41BC6CA0AE9A5D5EE6D57CA727E5CBA6AC8E8C5234AC661F9080CEDADF
                                                                                                                                                                                                                                                                        SHA-512:4183DBB8FD7DE5FD5526A79B62E77FC30B8D1EC34EBAA3793B4F28BEB36124084533E08B595F77305522BC847EDFED1F9388C0D2ECE66E6AC8ACB7049B48EE86
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 768 x 768, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):264312
                                                                                                                                                                                                                                                                        Entropy (8bit):7.933893788279908
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:28uJEU4QOgo51V0XxDvBpIPR4kYSvGXP/ooOj5dOqhKpcVnJS4LcWTD:RuJNur+XxDvBpIPSkYSvYP/6DVECVncW
                                                                                                                                                                                                                                                                        MD5:6B7CB2A5A8B301C788C3792802696FE8
                                                                                                                                                                                                                                                                        SHA1:DA93950273B0C256DAB64BB3BB755AC7C14F17F3
                                                                                                                                                                                                                                                                        SHA-256:3EED2E41BC6CA0AE9A5D5EE6D57CA727E5CBA6AC8E8C5234AC661F9080CEDADF
                                                                                                                                                                                                                                                                        SHA-512:4183DBB8FD7DE5FD5526A79B62E77FC30B8D1EC34EBAA3793B4F28BEB36124084533E08B595F77305522BC847EDFED1F9388C0D2ECE66E6AC8ACB7049B48EE86
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):48743
                                                                                                                                                                                                                                                                        Entropy (8bit):7.952703392311964
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:RtwR1Dy4rQznr1GYfvLn6froelhVNSyCPtSOeVlTTqYueg:zwR1DybhPwhvSyClSOk/geg
                                                                                                                                                                                                                                                                        MD5:4CFFF8DC30D353CD3D215FD3A5DBAC24
                                                                                                                                                                                                                                                                        SHA1:0F4F73F0DDDC75F3506E026EF53C45C6FAFBC87E
                                                                                                                                                                                                                                                                        SHA-256:0C430E56D69435D8AB31CBB5916A73A47D11EF65B37D289EE7D11130ADF25856
                                                                                                                                                                                                                                                                        SHA-512:9D616F19C2496BE6E89B855C41BEFC0235E3CE949D2B2AE7719C823F10BE7FE0809BDDFD93E28735B36271083DD802AE349B3AB7B60179B269D4A18C6CEF4139
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):75974
                                                                                                                                                                                                                                                                        Entropy (8bit):7.973739579566582
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:cyfQCzB7fBVwtW5EGtWO7Cemktbbv36SEOW9izF:cyfJ/2WXz7Fbbf61OW9aF
                                                                                                                                                                                                                                                                        MD5:CD09F361286D1AD2622BA8A57B7613BD
                                                                                                                                                                                                                                                                        SHA1:4CD3E5D4063B3517A950B9D030841F51F3C5F1B1
                                                                                                                                                                                                                                                                        SHA-256:B92A31D4853D1B2C4E5B9D9624F40B439856D0C6A517E100978CBDE8D3C47DC8
                                                                                                                                                                                                                                                                        SHA-512:F73D60C92644E0478107E0402D1C7B4DFA1674F69B41856F74F937A7B57CEAA2B3BE9242F2B59F1FCF71063AAC6CBE16C594618D1A8CDD181510DE3240F31DFF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
                                                                                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):527389
                                                                                                                                                                                                                                                                        Entropy (8bit):7.995975187354872
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:12288:ib5kasT/hWZEu58IbccPqwozk/2rYJb69+J2W:M5kzT/hWZjfbccPOzk/aIb3J2W
                                                                                                                                                                                                                                                                        MD5:F68008B70822BD28C82D13A289DEB418
                                                                                                                                                                                                                                                                        SHA1:06ABBE109BA6DFD4153D76CD65BFFFAE129C41D8
                                                                                                                                                                                                                                                                        SHA-256:CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
                                                                                                                                                                                                                                                                        SHA-512:FA482942E32E14011AE3C6762C638CCB0A0E8EC0055D2327C3ACC381DDDF1400DE79E4E9321A39A418800D072E59C36B94B13B7EB62751D3AEC990FB38CE9253
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
Preview:PK (Zip local file header; first entry name: saBSI.exe; binary content omitted)
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
                                                                                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):6227973
                                                                                                                                                                                                                                                                        Entropy (8bit):7.999704627939555
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:98304:ppxj2IwVGwxnd+P0fY8eHeM1euEuR+HW84l7mKN2Yjwov3I7qs4zLGGlFtSNNkoo:ppxZ7k00fxeHejFHW3l113I7d4zLGGTL
                                                                                                                                                                                                                                                                        MD5:7CC0288A2A8BBE014F9E344F3068C8F1
                                                                                                                                                                                                                                                                        SHA1:EB47D401AE30A308DD66BDCAFDE06CDD35E25C94
                                                                                                                                                                                                                                                                        SHA-256:200E9BC4FCF2C6682DDC8C7F172A0D02BEFECD25CA882F66C6ABC868A54B8975
                                                                                                                                                                                                                                                                        SHA-512:869F0A01EF0BCBBFC501C1786E14BFFEAA2DAAA00210C312874FC67A724C77EF61394BB5854B9A02AF654CD045C4D39AE30D73F1B4EC8AA9E531DFEEA1714476
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
Preview:PK (Zip local file header; first entry name: WZSetup.exe; binary content omitted)
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):30586
                                                                                                                                                                                                                                                                        Entropy (8bit):7.919646221064304
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:Fk7fJC9WjOI1DaGmnitN039DODp56Ys+9S/IUM+:FktpB4FiQ3qd9S/BN
                                                                                                                                                                                                                                                                        MD5:9AC6287111CB2B272561781786C46CDD
                                                                                                                                                                                                                                                                        SHA1:6B02F2307EC17D9325523AF1D27A6CB386C8F543
                                                                                                                                                                                                                                                                        SHA-256:AB99CDB7D798CB7B7D8517584D546AA4ED54ECA1B808DE6D076710C8A400C8C4
                                                                                                                                                                                                                                                                        SHA-512:F998A4E0CE14B3898A72E0B8A3F7154FC87D2070BADCFA98582E3B570CA83A562D5A0C95F999A4B396619DB42AB6269A2BAC47702597C5A2C37177441723D837
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):33432
                                                                                                                                                                                                                                                                        Entropy (8bit):5.357332239462146
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:Wj1b3suKzD3S8AktYcFA/Vc6KB5YiR2yAMxkE4BP:FzDC8AY8Vclv7jxKP
                                                                                                                                                                                                                                                                        MD5:D1495CE1E0A925ADE7F92355F121DF16
                                                                                                                                                                                                                                                                        SHA1:1F8584BB644973C2914BEE929B3D01FFF59EAB25
                                                                                                                                                                                                                                                                        SHA-256:F78AEA6165200F8AD16D5666B41BFEF90CC5CEC1229950E531078F12976473F9
                                                                                                                                                                                                                                                                        SHA-512:CFE8BDD799FCA75D0F6045AE6697918294CD2402B8EEE182C3ED7A3DFA0C60455C78829A363F9EBB551C30F7C203F2B5B0BFAC02DC89CA8117985117C5F937FE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
                                                                                                                                                                                                                                                                        File Type:PNG image data, 768 x 768, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):264312
                                                                                                                                                                                                                                                                        Entropy (8bit):7.933893788279908
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:28uJEU4QOgo51V0XxDvBpIPR4kYSvGXP/ooOj5dOqhKpcVnJS4LcWTD:RuJNur+XxDvBpIPSkYSvYP/6DVECVncW
                                                                                                                                                                                                                                                                        MD5:6B7CB2A5A8B301C788C3792802696FE8
                                                                                                                                                                                                                                                                        SHA1:DA93950273B0C256DAB64BB3BB755AC7C14F17F3
                                                                                                                                                                                                                                                                        SHA-256:3EED2E41BC6CA0AE9A5D5EE6D57CA727E5CBA6AC8E8C5234AC661F9080CEDADF
                                                                                                                                                                                                                                                                        SHA-512:4183DBB8FD7DE5FD5526A79B62E77FC30B8D1EC34EBAA3793B4F28BEB36124084533E08B595F77305522BC847EDFED1F9388C0D2ECE66E6AC8ACB7049B48EE86
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):33432
                                                                                                                                                                                                                                                                        Entropy (8bit):5.357332239462146
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:Wj1b3suKzD3S8AktYcFA/Vc6KB5YiR2yAMxkE4BP:FzDC8AY8Vclv7jxKP
                                                                                                                                                                                                                                                                        MD5:D1495CE1E0A925ADE7F92355F121DF16
                                                                                                                                                                                                                                                                        SHA1:1F8584BB644973C2914BEE929B3D01FFF59EAB25
                                                                                                                                                                                                                                                                        SHA-256:F78AEA6165200F8AD16D5666B41BFEF90CC5CEC1229950E531078F12976473F9
                                                                                                                                                                                                                                                                        SHA-512:CFE8BDD799FCA75D0F6045AE6697918294CD2402B8EEE182C3ED7A3DFA0C60455C78829A363F9EBB551C30F7C203F2B5B0BFAC02DC89CA8117985117C5F937FE
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
                                                                                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):527389
                                                                                                                                                                                                                                                                        Entropy (8bit):7.995975187354872
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:12288:ib5kasT/hWZEu58IbccPqwozk/2rYJb69+J2W:M5kzT/hWZjfbccPOzk/aIb3J2W
                                                                                                                                                                                                                                                                        MD5:F68008B70822BD28C82D13A289DEB418
                                                                                                                                                                                                                                                                        SHA1:06ABBE109BA6DFD4153D76CD65BFFFAE129C41D8
                                                                                                                                                                                                                                                                        SHA-256:CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
                                                                                                                                                                                                                                                                        SHA-512:FA482942E32E14011AE3C6762C638CCB0A0E8EC0055D2327C3ACC381DDDF1400DE79E4E9321A39A418800D072E59C36B94B13B7EB62751D3AEC990FB38CE9253
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):29504216
                                                                                                                                                                                                                                                                        Entropy (8bit):7.992759398379778
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:786432:04e7iJzW/sw/H8gbacchaQh0T1iWcO1Q3+Bu+:wiJusw/8gvc0C0prcObB5
                                                                                                                                                                                                                                                                        MD5:E1DD69840A8965E125AA7F311B6D8EFB
                                                                                                                                                                                                                                                                        SHA1:ECEBA8DA71B7A767C674BFB5E704AEA6857E0827
                                                                                                                                                                                                                                                                        SHA-256:94F19254D9F0B4D11BD99E23CFD2ACFC4498BCCD1B163CA7BF4DC19FC303A088
                                                                                                                                                                                                                                                                        SHA-512:4FA041DD7B6DCE8EE43D579BA0DC2E383A4B0CA3AEA56EE967C7FE5079647C644189A1E5C7BFE27375CC54E96DDB1ABEC5C56E91185C58BE977CC77D6A7C1913
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1184128
                                                                                                                                                                                                                                                                        Entropy (8bit):6.623147525519113
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24576:WF66IUpqM/XAl0drYaL6NFEXXN6abiklqOYadJ0CbmpV4CsCa0wDisO4qG:k/M0drYaIaXXOAqOYadJ0Cbmrhq0wTb5
                                                                                                                                                                                                                                                                        MD5:143255618462A577DE27286A272584E1
                                                                                                                                                                                                                                                                        SHA1:EFC032A6822BC57BCD0C9662A6A062BE45F11ACB
                                                                                                                                                                                                                                                                        SHA-256:F5AA950381FBCEA7D730AA794974CA9E3310384A95D6CF4D015FBDBD9797B3E4
                                                                                                                                                                                                                                                                        SHA-512:C0A084D5C0B645E6A6479B234FA73C405F56310119DD7C8B061334544C47622FDD5139DB9781B339BB3D3E17AC59FDDB7D7860834ECFE8AAD6D2AE8C869E1CB9
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
                                                                                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):6227973
                                                                                                                                                                                                                                                                        Entropy (8bit):7.999704627939555
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:98304:ppxj2IwVGwxnd+P0fY8eHeM1euEuR+HW84l7mKN2Yjwov3I7qs4zLGGlFtSNNkoo:ppxZ7k00fxeHejFHW3l113I7d4zLGGTL
                                                                                                                                                                                                                                                                        MD5:7CC0288A2A8BBE014F9E344F3068C8F1
                                                                                                                                                                                                                                                                        SHA1:EB47D401AE30A308DD66BDCAFDE06CDD35E25C94
                                                                                                                                                                                                                                                                        SHA-256:200E9BC4FCF2C6682DDC8C7F172A0D02BEFECD25CA882F66C6ABC868A54B8975
                                                                                                                                                                                                                                                                        SHA-512:869F0A01EF0BCBBFC501C1786E14BFFEAA2DAAA00210C312874FC67A724C77EF61394BB5854B9A02AF654CD045C4D39AE30D73F1B4EC8AA9E531DFEEA1714476
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):6261520
                                                                                                                                                                                                                                                                        Entropy (8bit):7.998950113701314
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:98304:O/KXgWUBu+NlRk9OfK2GTyYX+eyaB135PSuXTm0LuM74eL3o1+ykb5io5dtWx9eJ:O/KXNs6OfxGTyHwnXZB3o1jkb5ioPtE2
                                                                                                                                                                                                                                                                        MD5:3C17F28CC001F6652377D3B5DEEC10F0
                                                                                                                                                                                                                                                                        SHA1:EEB13CF47836FF0A0D5CC380618F33E7818F9D75
                                                                                                                                                                                                                                                                        SHA-256:FA352552306B80F3F897F8F21D8579AE642C97D12298E113AE1ADC03902C69B8
                                                                                                                                                                                                                                                                        SHA-512:240B31F29D439C09A56D3BF8D4A3EA14F75C2286E209E7DF3F4FF301BFA3AD8228D7BEBE01ACEA6F2F702A0BA7ECDB5583B97372725C77EF497E749740F644B3
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2060288
                                                                                                                                                                                                                                                                        Entropy (8bit):6.6100200574741494
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:49152:iLDTmgoGpODyFCdZlcY6loEvcx+zI0KpCt5yngWmfLgH:iDJ7myFC/lZ6loEvVzI0KYt5yntm
                                                                                                                                                                                                                                                                        MD5:FAD0877741DA31AB87913EF1F1F2EB1A
                                                                                                                                                                                                                                                                        SHA1:21ABB83B8DFC92A6D7EE0A096A30000E05F84672
                                                                                                                                                                                                                                                                        SHA-256:73FF938887449779E7A9D51100D7BE2195198A5E2C4C7DE5F93CEAC7E98E3E02
                                                                                                                                                                                                                                                                        SHA-512:F626B760628E16B9AA8B55E463C497658DD813CF5B48A3C26A85D681DA1C3A33256CAE012ACC1257B1F47EA37894C3A306F348EB6BD4BBDF94C9D808646193EC
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                                                        Entropy (8bit):5.666921368237103
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:KOoVVefeWsI7rsIquPLNN546o0Ac9khYLMkIX0+Gzyekv:4VVaeE7wIqyJN5i
                                                                                                                                                                                                                                                                        MD5:2B342079303895C50AF8040A91F30F71
                                                                                                                                                                                                                                                                        SHA1:B11335E1CB8356D9C337CB89FE81D669A69DE17E
                                                                                                                                                                                                                                                                        SHA-256:2D5D89025911E2E273F90F393624BE4819641DBEE1606DE792362E442E54612F
                                                                                                                                                                                                                                                                        SHA-512:550452DADC86ECD205F40668894116790A456FE46E9985D68093D36CF32ABF00EDECB5C56FF0287464A0E819DB7B3CC53926037A116DE6C651332A7CC8035D47
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):711952
                                                                                                                                                                                                                                                                        Entropy (8bit):6.021498979818168
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:1WNrNNNifmpPFyCrHQnfYWiWJHA7LeLJRHRNJOYHQ93AjN:1WNrNNNifmpPFyCrHQnfYWiWJHcLeLJ3
                                                                                                                                                                                                                                                                        MD5:2EAF88651D6DE968BF14EC9DB52FD3B5
                                                                                                                                                                                                                                                                        SHA1:1C37626526572FDB6378AA4BEDBF7B941886A9A1
                                                                                                                                                                                                                                                                        SHA-256:070190292DF544DA87F84DC8CF8ECC0A0337085A3FE744FA60CE00A6879B6146
                                                                                                                                                                                                                                                                        SHA-512:15754A8F097F9C8D7BDA65FB881720AF5E4C4DB1E35F555563B9BAFE6426A6A0E50953A47F628FE3DC0F461E48ABBF77DB7C997902FF483CF33396D0D8E2CD17
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2366456
                                                                                                                                                                                                                                                                        Entropy (8bit):7.412019243226958
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:49152:UfH6zTpzzrjEEiNjbBnfnsKm8Igo+tDO6admDTDj:A6nxbqFnIdmS50PDj
                                                                                                                                                                                                                                                                        MD5:6613E98A6EFF88810424C120EA6901E8
                                                                                                                                                                                                                                                                        SHA1:DEF8283DC3BE0ED2A294B39811275B07A509C96F
                                                                                                                                                                                                                                                                        SHA-256:2DEF27D493717A7EA38A7565DB03F50215763B8CFE05E821B358D61DF2E95185
                                                                                                                                                                                                                                                                        SHA-512:A4C6D2DF297B0DB94B1F966D6B62935A72E0C2E1EE6EF7D42DE2C705F7A648BF47A1E5EE5037BC35B53F327B2F0CBBF36BD526B8BA4921B031FBD2290CD7B257
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\WeatherZero\WeatherZero.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):479
                                                                                                                                                                                                                                                                        Entropy (8bit):5.449488395719693
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:MMHdDa8iPiRmRFgnrRXZlpqa5kHhHXEO9FXE595Ajub:Jd+8GsrNkaSBHXE8FXE59x
                                                                                                                                                                                                                                                                        MD5:B3AB39F64394BFC6177434DB48CBCEA0
                                                                                                                                                                                                                                                                        SHA1:B8EAC02DC7E52E48E5AFFB669DC947AB3DDBC81E
                                                                                                                                                                                                                                                                        SHA-256:912D536EA6620D03A31250CF59107857DD3EA12AE1F628C9D3DB1C0A69221303
                                                                                                                                                                                                                                                                        SHA-512:7734EA707C120E79DED87375EC708A8A0FA6D1921D7971EA00B309B983832675155A9174E055E5934473A9DD6077DFE14FF9F091787A125F56C5A0E284EFF894
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-16"?>..<WFSettings xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">.. <WeatherCondition>None</WeatherCondition>.. <TemperatureUnit>Fahrenheit</TemperatureUnit>.. <LastQueryDt>0001-01-01T00:00:00</LastQueryDt>.. <igi>DF4E7397994EE5D86AD1C8FEEA899434</igi>.. <CloseToTray>true</CloseToTray>.. <StartUponBoot>true</StartUponBoot>.. <AppClosedByUser>false</AppClosedByUser>..</WFSettings>
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
                                                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Jul 27 21:25:12 2024, mtime=Sat Jul 27 21:25:22 2024, atime=Fri Sep 30 18:37:02 2022, length=399264, window=hide
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):931
                                                                                                                                                                                                                                                                        Entropy (8bit):4.5256673287927915
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:8m+vO9C40YXoTh9g+dpF4AyKTcdDg0zKF7TjEjA8qM+bdpMwkbdpMVir0mV:8mQON8deKTyK5QAnjdidQxm
                                                                                                                                                                                                                                                                        MD5:72C4E2AB6D9E080CAA87F5086BBAFA05
                                                                                                                                                                                                                                                                        SHA1:F7DF66444465BF053D47BF646F0E2923860FFDCE
                                                                                                                                                                                                                                                                        SHA-256:E54A4FB7761B28EFC2BA04C80ADF6761D1256C3DBE650E74A94046431C5B002C
                                                                                                                                                                                                                                                                        SHA-512:AB727EBEDA782216E1DE73F7F72A2BBD20A740C9748C9E7873D2FCB1333D9ACA960A732E92E3A28A1F0DBBA01EB9E765629FC9963599CF4FD5F68F40C13AC503
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                        Preview:L..................F.... .......s.......s....CV..................................P.O. .:i.....+00.../C:\.....................1......X&...PROGRA~1..t......O.I.X&.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....l.1......X,...CHEATE~1.5..R.......X&..X,.....-?........................C.h.e.a.t. .E.n.g.i.n.e. .7...5.....n.2.....>U.. .CHEATE~1.EXE..R.......X'..X'.....1?........................C.h.e.a.t. .E.n.g.i.n.e...e.x.e.......a...............-.......`............+.).....C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe..8.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.h.e.a.t. .E.n.g.i.n.e. .7...5.\.C.h.e.a.t. .E.n.g.i.n.e...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.h.e.a.t. .E.n.g.i.n.e. .7...5.`.......X.......124406...........hT..CrF.f4... ..a.gL...,...E...hT..CrF.f4... ..a.gL...,...E..E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Entropy (8bit):7.99529226555835
                                                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 98.04%
                                                                                                                                                                                                                                                                        • Inno Setup installer (109748/4) 1.08%
                                                                                                                                                                                                                                                                        • InstallShield setup (43055/19) 0.42%
                                                                                                                                                                                                                                                                        • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                                                                                                                                                        • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                                                                                                        File name:SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe
                                                                                                                                                                                                                                                                        File size:29'977'368 bytes
                                                                                                                                                                                                                                                                        MD5:28a85ba5396fcfa8a5f794f04dce35e4
                                                                                                                                                                                                                                                                        SHA1:c730d730e167d68a41a8382823c181ff9a75a891
                                                                                                                                                                                                                                                                        SHA256:d77fbaa35585f25de3f492e4e3d0bfa6f0f73b053fd6a64058766fef75eca04e
                                                                                                                                                                                                                                                                        SHA512:9aa41988b028689ed848ab18bfbc8957d139ccdbd452cda2fa9f0a7a5fb7b73751e0006a0f7830eac43127d9042fff9deb9041f3a3076a1f397e4b7bbd9019f9
                                                                                                                                                                                                                                                                        SSDEEP:786432:4CxuEnwFho+zM77UDZiZCd08jFZJAI5E70TZFHOP:dEXFhV0KAcNjxAItjOP
                                                                                                                                                                                                                                                                        TLSH:1E67333FA264743EC89E5E320A739250A57B6A60781F8D1E0BF0494DCF365711E3EA5B
                                                                                                                                                                                                                                                                        File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                                                                                                                                                                        Icon Hash:2d2e3797b32b2b99
                                                                                                                                                                                                                                                                        Entrypoint:0x4b5eec
                                                                                                                                                                                                                                                                        Entrypoint Section:.itext
                                                                                                                                                                                                                                                                        Digitally signed:true
                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                        Time Stamp:0x5FB0F96E [Sun Nov 15 09:48:30 2020 UTC]
                                                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                                                        OS Version Major:6
                                                                                                                                                                                                                                                                        OS Version Minor:1
                                                                                                                                                                                                                                                                        File Version Major:6
                                                                                                                                                                                                                                                                        File Version Minor:1
                                                                                                                                                                                                                                                                        Subsystem Version Major:6
                                                                                                                                                                                                                                                                        Subsystem Version Minor:1
                                                                                                                                                                                                                                                                        Import Hash:5a594319a0d69dbc452e748bcf05892e
                                                                                                                                                                                                                                                                        Signature Valid:true
                                                                                                                                                                                                                                                                        Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                                                                                                                                                                                                                                        Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                                                        Error Number:0
                                                                                                                                                                                                                                                                        Not Before, Not After
                                                                                                                                                                                                                                                                        • 14/12/2022 00:00:00 13/12/2024 23:59:59
                                                                                                                                                                                                                                                                        Subject Chain
                                                                                                                                                                                                                                                                        • CN=EngineGame, O=EngineGame, S=Tel Aviv, C=IL
                                                                                                                                                                                                                                                                        Version:3
                                                                                                                                                                                                                                                                        Thumbprint MD5:B057F334F42D0F37E84463F374A5B612
                                                                                                                                                                                                                                                                        Thumbprint SHA-1:9CD94C59500A37C757F126042A8CD752D0C7964D
                                                                                                                                                                                                                                                                        Thumbprint SHA-256:FAEC8CE72964F915A0FE531FDB46BBF6094F24246F654A9B2A08939A9D366C6F
                                                                                                                                                                                                                                                                        Serial:00FBD01E95FDDDDC33E3C218C60DA73E12
                                                                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                                                                        push ebp
mov ebp, esp
add esp, FFFFFFA4h
push ebx
push esi
push edi
xor eax, eax
mov dword ptr [ebp-3Ch], eax
mov dword ptr [ebp-40h], eax
mov dword ptr [ebp-5Ch], eax
mov dword ptr [ebp-30h], eax
mov dword ptr [ebp-38h], eax
mov dword ptr [ebp-34h], eax
mov dword ptr [ebp-2Ch], eax
mov dword ptr [ebp-28h], eax
mov dword ptr [ebp-14h], eax
mov eax, 004B10F0h
call 00007FE584D4EB45h
xor eax, eax
push ebp
push 004B65E2h
push dword ptr fs:[eax]
mov dword ptr fs:[eax], esp
xor edx, edx
push ebp
push 004B659Eh
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
mov eax, dword ptr [004BE634h]
call 00007FE584DF126Fh
call 00007FE584DF0DC2h
lea edx, dword ptr [ebp-14h]
xor eax, eax
call 00007FE584D645B8h
mov edx, dword ptr [ebp-14h]
mov eax, 004C1D84h
call 00007FE584D49737h
push 00000002h
push 00000000h
push 00000001h
mov ecx, dword ptr [004C1D84h]
mov dl, 01h
mov eax, dword ptr [004237A4h]
call 00007FE584D6561Fh
mov dword ptr [004C1D88h], eax
xor edx, edx
push ebp
push 004B654Ah
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
call 00007FE584DF12F7h
mov dword ptr [004C1D90h], eax
mov eax, dword ptr [004C1D90h]
cmp dword ptr [eax+0Ch], 01h
jne 00007FE584DF78DAh
mov eax, dword ptr [004C1D90h]
mov edx, 00000028h
call 00007FE584D65F14h
mov edx, dword ptr [004C1D90h]

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0xc4000          0x9a          .edata
IMAGE_DIRECTORY_ENTRY_IMPORT          0xc2000          0xf36         .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xc7000          0x4800        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x1c955a0        0x1578
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0xc6000          0x18          .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0xc22e4          0x244         .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0xc3000          0x1a4         .didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

Name     Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type  Entropy             Characteristics
.text    0x1000           0xb361c       0xb3800   ad6e46e3a3acdb533eb6a077f6d065af  False     0.3448639341051532   data       6.356058204328091   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext   0xb5000          0x1688        0x1800    d40fc822339d01f2abcc5493ac101c94  False     0.544921875          data       5.972750055221053   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data    0xb7000          0x37a4        0x3800    4c195d5591f6d61265df08a3733de3a2  False     0.36097935267857145  data       5.044400562007734   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss     0xbb000          0x6de8        0x0       d41d8cd98f00b204e9800998ecf8427e  False     0                    empty      0.0                 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata   0xc2000          0xf36         0x1000    a73d686f1e8b9bb06ec767721135e397  False     0.3681640625         data       4.8987046479600425  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata  0xc3000          0x1a4         0x200     41b8ce23dd243d14beebc71771885c89  False     0.345703125          data       2.7563628682496506  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata   0xc4000          0x9a          0x200     37c1a5c63717831863e018c0f51dabb7  False     0.2578125            data       1.8722228665884297  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls     0xc5000          0x18          0x0       d41d8cd98f00b204e9800998ecf8427e  False     0                    empty      0.0                 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata   0xc6000          0x5d          0x200     8f2f090acd9622c88a6a852e72f94e96  False     0.189453125          data       1.3838943752217987  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc    0xc7000          0x4800        0x4800    9f25ea605614c16e9bf3ed44e2511d8b  False     0.3160807291666667   data       4.4211085622066575  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name           RVA      Size   Type                                                             Language Country        ZLIB Complexity
RT_ICON        0xc74c8  0x128  Device independent bitmap graphic, 16 x 32 x 4, image size 192   Dutch    Netherlands    0.5675675675675675
RT_ICON        0xc75f0  0x568  Device independent bitmap graphic, 16 x 32 x 8, image size 320   Dutch    Netherlands    0.4486994219653179
RT_ICON        0xc7b58  0x2e8  Device independent bitmap graphic, 32 x 64 x 4, image size 640   Dutch    Netherlands    0.4637096774193548
RT_ICON        0xc7e40  0x8a8  Device independent bitmap graphic, 32 x 64 x 8, image size 1152  Dutch    Netherlands    0.3935018050541516
RT_STRING      0xc86e8  0x360  data                                                                                     0.34375
RT_STRING      0xc8a48  0x260  data                                                                                     0.3256578947368421
RT_STRING      0xc8ca8  0x45c  data                                                                                     0.4068100358422939
RT_STRING      0xc9104  0x40c  data                                                                                     0.3754826254826255
RT_STRING      0xc9510  0x2d4  data                                                                                     0.39226519337016574
RT_STRING      0xc97e4  0xb8   data                                                                                     0.6467391304347826
RT_STRING      0xc989c  0x9c   data                                                                                     0.6410256410256411
RT_STRING      0xc9938  0x374  data                                                                                     0.4230769230769231
RT_STRING      0xc9cac  0x398  data                                                                                     0.3358695652173913
RT_STRING      0xca044  0x368  data                                                                                     0.3795871559633027
RT_STRING      0xca3ac  0x2a4  data                                                                                     0.4275147928994083
RT_RCDATA      0xca650  0x10   data                                                                                     1.5
RT_RCDATA      0xca660  0x2c4  data                                                                                     0.6384180790960452
RT_RCDATA      0xca924  0x2c   data                                                                                     1.25
RT_GROUP_ICON  0xca950  0x3e   data                                                             English  United States  0.8387096774193549
RT_VERSION     0xca990  0x584  data                                                             English  United States  0.26416430594900847
RT_MANIFEST    0xcaf14  0x726  XML 1.0 document, ASCII text, with CRLF line terminators         English  United States  0.4005464480874317

DLL           Import
kernel32.dll  GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
comctl32.dll  InitCommonControls
version.dll   GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
user32.dll    CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
oleaut32.dll  SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
netapi32.dll  NetWkstaGetInfo, NetApiBufferFree
advapi32.dll  RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW
Name | Ordinal | Address
TMethodImplementationIntercept | 3 | 0x454060
__dbk_fcall_wrapper | 2 | 0x40d0a0
dbkFCallWrapperAddr | 1 | 0x4be63c
Language of compilation system | Country where language is spoken
Dutch | Netherlands
English | United States
Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP
2024-07-28T00:27:09.914983+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 49794 | 80 | 192.168.2.9 | 146.185.152.21
2024-07-28T00:24:39.729731+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49716 | 20.114.59.183 | 192.168.2.9
2024-07-28T00:25:45.629458+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 49751 | 443 | 192.168.2.9 | 172.67.35.220
2024-07-28T00:24:39.490719+0200 | TCP | 2053283 | ET ADWARE_PUP Win32/OfferCore Checkin M2 | 49715 | 443 | 192.168.2.9 | 18.173.206.112
2024-07-28T00:27:12.305621+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 49794 | 80 | 192.168.2.9 | 146.185.152.21
2024-07-28T00:25:47.368006+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 49757 | 80 | 192.168.2.9 | 146.185.152.21
2024-07-28T00:24:35.603984+0200 | TCP | 2053283 | ET ADWARE_PUP Win32/OfferCore Checkin M2 | 49713 | 443 | 192.168.2.9 | 18.173.206.112
2024-07-28T00:25:04.841351+0200 | TCP | 2053283 | ET ADWARE_PUP Win32/OfferCore Checkin M2 | 49722 | 443 | 192.168.2.9 | 18.173.206.112
2024-07-28T00:25:28.668087+0200 | TCP | 2053283 | ET ADWARE_PUP Win32/OfferCore Checkin M2 | 49750 | 443 | 192.168.2.9 | 18.173.206.96
2024-07-28T00:27:11.118206+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 49794 | 80 | 192.168.2.9 | 146.185.152.21
2024-07-28T00:24:34.165315+0200 | TCP | 2053283 | ET ADWARE_PUP Win32/OfferCore Checkin M2 | 49712 | 443 | 192.168.2.9 | 18.173.206.112
2024-07-28T00:24:36.741116+0200 | TCP | 2053283 | ET ADWARE_PUP Win32/OfferCore Checkin M2 | 49714 | 443 | 192.168.2.9 | 18.173.206.112
2024-07-28T00:25:07.422940+0200 | TCP | 2053283 | ET ADWARE_PUP Win32/OfferCore Checkin M2 | 49724 | 443 | 192.168.2.9 | 18.173.206.112
2024-07-28T00:25:18.037392+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49741 | 20.114.59.183 | 192.168.2.9
2024-07-28T00:25:09.261956+0200 | TCP | 2053283 | ET ADWARE_PUP Win32/OfferCore Checkin M2 | 49727 | 443 | 192.168.2.9 | 18.173.206.112
2024-07-28T00:25:46.479746+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 49759 | 443 | 192.168.2.9 | 172.67.35.220
2024-07-28T00:25:48.664849+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 49757 | 80 | 192.168.2.9 | 146.185.152.21
2024-07-28T00:24:28.710730+0200 | TCP | 2053280 | ET ADWARE_PUP Win32/OfferCore Checkin M1 | 49708 | 443 | 192.168.2.9 | 18.173.206.112
2024-07-28T00:24:30.158856+0200 | TCP | 2053283 | ET ADWARE_PUP Win32/OfferCore Checkin M2 | 49709 | 443 | 192.168.2.9 | 18.173.206.112
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.326462030 CEST4434971018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.326499939 CEST49710443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.326515913 CEST49710443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.405635118 CEST4434971018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.405685902 CEST4434971018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.405740976 CEST49710443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.405755043 CEST4434971018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.405810118 CEST49710443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.408281088 CEST49710443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.414566994 CEST4434971018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.414613962 CEST4434971018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.414719105 CEST49710443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.414719105 CEST49710443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.414727926 CEST4434971018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.414772034 CEST49710443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.495776892 CEST4434971018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.495848894 CEST4434971018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.495907068 CEST49710443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.495922089 CEST4434971018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.495991945 CEST49710443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.496680021 CEST4434971018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.496721983 CEST4434971018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.496762037 CEST4434971018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.496777058 CEST49710443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.496824026 CEST49710443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.496824026 CEST49710443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.497075081 CEST49710443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.497092009 CEST4434971018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.497103930 CEST49710443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.497108936 CEST4434971018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.614761114 CEST49711443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.614799976 CEST4434971118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.614914894 CEST49711443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.615297079 CEST49711443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:31.615310907 CEST4434971118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.390115976 CEST4434971118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.390297890 CEST49711443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.400913000 CEST49711443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.400932074 CEST4434971118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.401484013 CEST4434971118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.403100967 CEST49711443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.448493958 CEST4434971118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.676908016 CEST4434971118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.676964998 CEST4434971118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.677031994 CEST4434971118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.677135944 CEST49711443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.677165985 CEST4434971118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.677377939 CEST49711443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.764750004 CEST4434971118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.764772892 CEST4434971118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.764952898 CEST49711443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.764970064 CEST4434971118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.765032053 CEST49711443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.770873070 CEST4434971118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.770889044 CEST4434971118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.770978928 CEST49711443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.770978928 CEST4434971118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.771090984 CEST49711443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.771342993 CEST49711443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.771342993 CEST49711443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.771367073 CEST4434971118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.771370888 CEST4434971118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.831727028 CEST49712443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.831780910 CEST4434971218.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.831962109 CEST49712443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.832468987 CEST49712443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:32.832492113 CEST4434971218.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:33.600298882 CEST4434971218.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:33.600383997 CEST49712443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:33.602487087 CEST49712443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:33.602503061 CEST4434971218.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:33.602747917 CEST4434971218.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:33.604245901 CEST49712443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:33.604245901 CEST49712443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:33.604269028 CEST4434971218.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:34.165321112 CEST4434971218.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:34.165828943 CEST4434971218.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:34.165895939 CEST49712443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:34.165950060 CEST49712443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:34.165977001 CEST4434971218.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:34.165988922 CEST49712443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:34.165996075 CEST4434971218.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:34.329816103 CEST49713443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:34.329854012 CEST4434971318.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:55.797610998 CEST49719443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:55.800204992 CEST4434971918.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:55.800280094 CEST49719443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:55.804683924 CEST4434971918.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:55.804759026 CEST49719443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:55.804765940 CEST4434971918.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:55.804776907 CEST4434971918.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:55.804812908 CEST49719443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:55.804871082 CEST49719443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:55.804990053 CEST49719443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:55.805003881 CEST4434971918.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:55.805023909 CEST49719443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:55.805028915 CEST4434971918.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:55.821722031 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:55.821755886 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:55.821883917 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:55.822460890 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:55.822474003 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:56.600739956 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:56.600852966 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:56.619831085 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:56.619848013 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:56.620085001 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:56.659002066 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:56.700508118 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:56.908941984 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:56.908965111 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:56.908971071 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:56.909010887 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:56.909029961 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:56.909198999 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:56.909198999 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:56.909215927 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:56.909281015 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:56.988658905 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:56.988683939 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:56.988920927 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:56.988939047 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:56.988996029 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.005701065 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.005726099 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.005927086 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.005935907 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.005984068 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.076354027 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.076371908 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.076570988 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.076586962 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.076634884 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.077944994 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.077960968 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.078058958 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.078067064 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.078114033 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.079793930 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.079809904 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.079879045 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.079885960 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.079927921 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.112497091 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.112510920 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.112716913 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.112725973 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.112798929 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.165371895 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.165390015 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.165508986 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.165527105 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.165597916 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.166719913 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.166738987 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.166807890 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.166815996 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.166852951 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.167303085 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.167320013 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.167370081 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.167376041 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.167411089 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.168912888 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.168931961 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.168992043 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.168999910 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.433957100 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.433964014 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.434000015 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.434012890 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.434499025 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.434518099 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.434588909 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.434588909 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.434596062 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.434643984 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.434859037 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.434880018 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.434928894 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.434935093 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.434946060 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.434978962 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.434978962 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.435019016 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.435069084 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.435297012 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.435311079 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.435318947 CEST49720443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.435323954 CEST4434972018.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.464256048 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.464329004 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.464432955 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.464739084 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:57.464755058 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.222181082 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.222650051 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.225281954 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.225311995 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.225668907 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.228710890 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.276499033 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.513653994 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.523729086 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.523762941 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.523847103 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.523919106 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.523962021 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.524003029 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.526433945 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.526508093 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.609556913 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.609591007 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.609697104 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.609724998 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.609792948 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.613651991 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.613694906 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.613723993 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.613738060 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.613780975 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.698786974 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.698822975 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.699022055 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.699042082 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.699093103 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.699891090 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.699913979 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.699990988 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.700001001 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.700068951 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.700723886 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.700786114 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.703646898 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.703665972 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.703708887 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.703718901 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.703732014 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.703758001 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.708815098 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.708836079 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.708897114 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.708908081 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.708971977 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.708990097 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.791253090 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.791285992 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.791340113 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.791356087 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.791392088 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.791419983 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.981092930 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.981112003 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.981153011 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.981163979 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.981184959 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.981201887 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.981257915 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.981311083 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.981852055 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.981870890 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.981909037 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.981915951 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.981931925 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.981980085 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.986427069 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.986448050 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.986500025 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.986510038 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.986536026 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:58.986555099 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.068603992 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.068634033 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.068763018 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.068782091 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.068855047 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.069096088 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.069116116 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.069152117 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.069159031 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.069186926 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.069204092 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.069961071 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.069979906 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.070015907 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.070024014 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.070056915 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.070072889 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.070383072 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.070427895 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.070447922 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.070456028 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.070482016 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.070502043 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.072757006 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.072777033 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.072829962 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.072839975 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.072874069 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.072901011 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.074038029 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.074055910 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.074096918 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.074105978 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.074143887 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.074157953 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.074460983 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.074479103 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.074516058 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.074522972 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.074548960 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.074564934 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.078814030 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.078831911 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.078943968 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.078954935 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.079008102 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.085386992 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.161766052 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.161792994 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.161914110 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.161936998 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.161951065 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.161974907 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.161984921 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.161990881 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.162030935 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.162077904 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.162735939 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.162754059 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.162826061 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.162834883 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.162875891 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.163281918 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.163300991 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.439380884 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.439404011 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.439485073 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.439502001 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.439642906 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.440083027 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.440100908 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.440162897 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.440176010 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.440203905 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.440222025 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.440505981 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.440531969 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.440576077 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.440587997 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.440613031 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.440634966 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.442246914 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.442272902 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.442323923 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.442334890 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.442362070 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.442383051 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.443933964 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.443954945 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.444010019 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.444034100 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.444061041 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.444082975 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.444436073 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.444456100 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.444516897 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.444530964 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.444562912 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.444582939 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.446425915 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.446454048 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.446533918 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.446552038 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.446605921 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.527926922 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.527960062 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.528193951 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.528260946 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.528330088 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.555027008 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.555052042 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.555139065 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.555193901 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.555227995 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.555258036 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.556456089 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.556493998 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.556574106 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.556590080 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.556643963 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.558443069 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.558469057 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.558533907 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.558552027 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.558608055 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.573347092 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.573369980 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.573479891 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.573517084 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.573637962 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.573637962 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.574314117 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.574331999 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.574403048 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.574417114 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.574486017 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.574692965 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.574712038 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.574775934 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.574789047 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.574842930 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.575282097 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.575303078 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.575361013 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.575372934 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.575402021 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.575424910 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.620348930 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.859441042 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.859496117 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.859508991 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.859522104 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.859539032 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.859570980 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.859605074 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.860049009 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.860069990 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.860130072 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.860146046 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.860202074 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.860759974 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.860781908 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.860842943 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.860857010 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.860910892 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.898412943 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.898437977 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.898608923 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.898660898 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.898734093 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.927386999 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.927405119 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.927484035 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.927508116 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.927557945 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.927912951 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.927927017 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.927989960 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.927994967 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.928035021 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.929889917 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.929907084 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.929979086 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.929982901 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.930058002 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.944972038 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.944988012 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.945086002 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.945096970 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.945333004 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.945380926 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.945394993 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.945467949 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.945497036 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.945581913 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.945985079 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.945997953 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.946070910 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.946084023 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.946142912 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.946988106 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.947001934 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.947074890 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.947087049 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:24:59.947143078 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.011919975 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.011941910 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.012047052 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.012070894 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.012120008 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.022445917 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.022464037 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.022547960 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.022557020 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.022608042 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.022990942 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.023005962 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.023080111 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.023087025 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.023133039 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.023761034 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.023775101 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.023843050 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.023850918 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.023895979 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.039971113 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.039997101 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.040061951 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.040083885 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.040112019 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.040143013 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.040616989 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.304142952 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.304184914 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.304347992 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.304362059 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.304419994 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.304425001 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.304467916 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.317368984 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.317384005 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.317446947 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.317452908 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.317495108 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.318135977 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.318149090 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.318212032 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.318217039 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.318257093 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.318623066 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.318638086 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.318702936 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.318707943 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.318748951 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.319207907 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.319222927 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.319288969 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.319293976 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.319334030 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.395409107 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.395426035 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.395530939 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.395549059 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.395596027 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.395891905 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.395910025 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.395956993 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.395962000 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.395983934 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.396024942 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.396420956 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.396436930 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.396496058 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.396501064 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.396545887 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.397564888 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.397581100 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.397661924 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.397666931 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.397711992 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.410203934 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.410219908 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.410290003 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.410295963 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.410341024 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.410840988 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.410856009 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.410912991 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.410917997 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.410945892 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.410967112 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.411525011 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.411539078 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.411616087 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.411621094 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.411668062 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.411957979 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.411972046 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.412038088 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.412043095 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.412085056 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.488013983 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.488039017 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.488138914 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.488162994 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.488200903 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.488430977 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.488445997 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.488548040 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.488554001 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.488599062 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.489306927 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.489320993 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.489379883 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.489384890 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.489423037 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.714982033 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.788746119 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.788769960 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.788853884 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.788882971 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.788933992 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.789248943 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.789267063 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.789330959 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.789335966 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.789380074 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.789968967 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.789982080 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.790046930 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.790051937 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.790097952 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.790733099 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.790747881 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.790811062 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.790816069 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.790859938 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.805514097 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.805529118 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.805614948 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.805623055 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.805665016 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.806140900 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.806154966 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.806226969 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.806231976 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.806279898 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.806807041 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.806823015 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.806890011 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.806895971 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.806938887 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.807522058 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.807538033 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.807604074 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.807610035 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.807656050 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.881261110 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.881283045 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.881369114 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.881397963 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.881445885 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.881992102 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.882006884 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.882085085 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.882091045 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.882139921 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.882390022 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.882405043 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.882468939 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.882474899 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.882519007 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.883018970 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.883034945 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.883094072 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.883100033 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.883142948 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.898027897 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.898044109 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.898122072 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.898164988 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.898216009 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.898679018 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.898695946 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.898762941 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.898773909 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.898830891 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.899287939 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.899302006 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.899425030 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.899437904 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.899518967 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.899817944 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.899833918 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.899935007 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.899947882 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.900029898 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.974219084 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.974252939 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:00.974396944 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.177529097 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.177544117 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.177663088 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.177675009 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.177779913 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.178154945 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.178169966 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.178287029 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.178298950 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.178386927 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.252418041 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.252448082 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.252548933 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.252572060 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.252619028 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.252990961 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.253007889 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.253053904 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.253060102 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.253089905 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.253101110 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.253609896 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.253624916 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.253694057 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.253700018 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.253741026 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.254292965 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.254308939 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.254378080 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.254384041 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.254426956 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.268863916 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.268887043 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.268970013 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.268976927 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.269021988 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.269541025 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.269560099 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.269625902 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.269637108 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.269692898 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.270210981 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.270231009 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.270307064 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.270318031 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.270380974 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.270901918 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.270917892 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.270987034 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.270999908 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.271054983 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.345144033 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.345177889 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.345283985 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.345310926 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.345360041 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.345490932 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.345510960 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.345563889 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.345570087 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.345613003 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.346206903 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.346226931 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.346271038 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.346276999 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.346301079 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.346311092 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.346785069 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.346802950 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.346847057 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.346852064 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.346880913 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.346889973 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.361584902 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.361610889 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.361701965 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.361710072 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.361752987 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.362202883 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.362221003 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.362266064 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.362271070 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.362293005 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.362317085 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.623636007 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.623655081 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.623692989 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.623725891 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.624329090 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.624351978 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.624389887 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.624396086 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.624409914 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.624440908 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.626363039 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.626386881 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.626424074 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.626429081 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.626461029 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.626476049 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.639426947 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.639453888 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.639621973 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.639621973 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.639628887 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.639678001 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.640022993 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.640045881 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.640084982 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.640089989 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.640121937 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.640140057 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.640661001 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.640678883 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.640744925 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.640758038 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.640810966 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.641063929 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.641083956 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.641128063 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.641138077 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.641163111 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.641184092 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.715943098 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.715970039 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.716016054 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.716099977 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.716166973 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.716243982 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.716772079 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.716793060 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.716850042 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.716861010 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.716877937 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.716900110 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.716912031 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.716970921 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.716970921 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.716985941 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.717044115 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.718802929 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.718821049 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.718893051 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.718907118 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.718961000 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.732961893 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.732981920 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.733069897 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.733083963 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.733269930 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.733392954 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.733412981 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.733453989 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.733458996 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.733493090 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.733503103 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.733691931 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.733710051 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.733768940 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.733778000 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.733830929 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.734520912 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.734540939 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.734612942 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.734622955 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.734671116 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.808675051 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:01.808717966 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.012058020 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.012166977 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.012172937 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.012264013 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.012887001 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.012906075 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.013015032 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.013020039 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.013107061 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.086525917 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.086586952 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.086848974 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.086883068 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.086901903 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.086916924 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.087011099 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.087024927 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.087106943 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.087538004 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.087551117 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.087652922 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.087657928 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.087753057 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.089318991 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.089333057 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.089354992 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.089452982 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.089459896 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.102916956 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.102936983 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.103039980 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.103049040 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.103512049 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.103523970 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.103631020 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.103636980 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.104244947 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.104264975 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.104356050 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.104362011 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.104962111 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.104985952 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.105215073 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.105221033 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.160542965 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.388159990 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.388179064 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.388231993 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.388358116 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.388391972 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.388408899 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.388446093 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.388634920 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.388645887 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.388669968 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.388700962 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.388708115 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.388741016 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.388763905 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.389426947 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.389467001 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.389508963 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.389514923 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.389533997 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.389549017 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.389559984 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.389569044 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.389589071 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.389605045 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.389647961 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.390362978 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.390402079 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.390467882 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.390467882 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.390475988 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.390518904 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.391263008 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.391294956 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.391355038 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.391361952 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.391410112 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.392210007 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.392257929 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.392321110 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.489196062 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.489316940 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.489351034 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.489413977 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.489624977 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.489655972 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.489701033 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.489706993 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.489737988 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.489759922 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.490258932 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.490297079 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.490344048 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.490350962 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.490385056 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.490395069 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.490569115 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.490592957 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.490638018 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.490643978 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.490674019 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.490731955 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.549436092 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.549462080 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.549556017 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.549587965 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.549643993 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.549834013 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.549854040 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.549915075 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.549921989 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.549967051 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.550357103 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.550376892 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.550441027 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.550447941 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.550494909 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.552181005 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.552200079 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.552253962 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.552259922 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.552295923 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.552314043 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.582159996 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.582180977 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.582370996 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.582370996 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.582403898 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.582457066 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.582470894 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.582499027 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.582535028 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.582540989 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.582570076 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.583142996 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.583168030 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.583179951 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.583184958 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.583200932 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.583235979 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.583242893 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.583250999 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.583288908 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.583733082 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.583751917 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.583796024 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.583801985 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.583828926 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.583846092 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.642189980 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.642210007 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.642307043 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.642337084 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.642390966 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.642438889 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.642457008 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.642493963 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.642501116 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.642525911 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.642543077 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.642957926 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.642977953 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.643033981 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.643039942 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.910491943 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.920022011 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.920042992 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.920283079 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.920300007 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.920416117 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.920644045 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.920660019 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.920716047 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.920722961 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.920737982 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.920768976 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.921333075 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.921349049 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.921406984 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.921411991 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.921456099 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.923216105 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.923229933 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.923268080 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.923285961 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.923293114 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.923306942 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.952533960 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.952555895 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.952635050 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.952666998 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.954035997 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.954050064 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.954109907 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.954117060 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.954741001 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.954758883 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.954799891 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.954807043 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.954838991 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.955395937 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.955409050 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.955459118 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.955466032 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.955481052 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:02.955507040 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.012542963 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.012559891 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.012773991 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.012805939 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.012866020 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.012914896 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.012931108 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.012994051 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.013000965 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.013052940 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.013592958 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.013607979 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.013670921 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.013676882 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.013731003 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.015748978 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.015790939 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.015820026 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.015835047 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.015853882 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.015856028 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.015863895 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.015883923 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.015894890 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.046062946 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.046084881 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.046324968 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.046355963 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.046374083 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.046392918 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.046523094 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.046524048 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.046535015 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.046585083 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.046859026 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.046871901 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.046950102 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.046956062 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.046998978 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.047363043 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.047408104 CEST4434972118.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:03.047430038 CEST49721443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:05.950984955 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:05.951026917 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:05.954813957 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:05.954883099 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.039906025 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.039975882 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.040043116 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.040059090 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.040230036 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.040230036 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.040709972 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.040781021 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.040785074 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.040810108 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.040838957 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.040843964 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.041754961 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.041806936 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.041825056 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.041832924 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.041862965 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.041877985 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.045387983 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.045433998 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.045470953 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.045479059 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.045506001 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.045514107 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.330172062 CEST49724443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.330229998 CEST4434972418.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.330315113 CEST49724443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.330857038 CEST49724443192.168.2.918.173.206.112
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.330878019 CEST4434972418.173.206.112192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.346940041 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.347018957 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.347084999 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.347116947 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.347131968 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.347162008 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.347357988 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.347415924 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.347446918 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.347453117 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.347479105 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.347501040 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.347836018 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.347878933 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.347934961 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.347942114 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.347968102 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.347979069 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.348589897 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.348634005 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.348665953 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.348671913 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.348702908 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.348716021 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.351849079 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.351897001 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.351933002 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.351943016 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.351965904 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.351978064 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.352466106 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.352533102 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.352540970 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.352561951 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.352596045 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.352606058 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.353267908 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.353313923 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.353343964 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.353351116 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.353378057 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.353393078 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.354302883 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.354355097 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.354387999 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.354394913 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.354415894 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.354437113 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.355129957 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.355173111 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.413091898 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.413579941 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.413618088 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.413640976 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.413652897 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.413685083 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.414468050 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.414515972 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.414578915 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.414594889 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.414607048 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.418369055 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.418425083 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.418457031 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.418473005 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.418484926 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.460572004 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.503403902 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.503467083 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.503499031 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.503526926 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.503540993 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.503561020 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.503609896 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.503643990 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.503674030 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.503679037 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.503693104 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.503747940 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.504329920 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.504374981 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.504401922 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.504407883 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.504436016 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.504453897 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.504566908 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.504597902 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.504622936 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.504627943 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.504654884 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.504683018 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.505265951 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.505291939 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.505332947 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.505338907 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.505367994 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.505381107 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.505775928 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.505796909 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.505826950 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.505855083 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.505862951 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.505878925 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.507738113 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.507762909 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.507803917 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.507817030 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.507842064 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.510957956 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.510977030 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.511022091 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.511029959 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.511058092 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.551037073 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.596666098 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.596709013 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.596749067 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.596779108 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.596791029 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.596817017 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.597018957 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.597062111 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.597086906 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.597091913 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.597117901 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.597131014 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.597569942 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.597618103 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.597630024 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.597635031 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.597665071 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.597675085 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.598058939 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.783560991 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.783580065 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.784049988 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.784101963 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.784130096 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.784137011 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.784167051 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.784188986 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.784195900 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.785891056 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.785944939 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.785969973 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.785978079 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.786004066 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.786025047 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.789536953 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.789581060 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.789617062 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.789624929 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.789655924 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.832288980 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.874332905 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.874402046 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.874682903 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.874682903 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.874712944 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.874778032 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.874883890 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.874937057 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.874967098 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.874973059 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.875000000 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.875015974 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.875196934 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.875241041 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.875271082 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.875277996 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.875300884 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.875315905 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.875612020 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.875657082 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.875684023 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.875689983 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.875729084 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.875729084 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.876384974 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.876435995 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.876475096 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.876486063 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.876498938 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.876529932 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.876769066 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.876840115 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.876852036 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.876885891 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.876918077 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.876924992 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.878444910 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.878499031 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.878530979 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.878536940 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.878561974 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.878568888 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.878585100 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.878645897 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.882368088 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.882411003 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.882441998 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.882448912 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.882458925 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.882479906 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.926059008 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.967221022 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.967292070 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.967331886 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.967360020 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.967371941 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.967617989 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.968147039 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.968194008 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.968221903 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.968229055 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:06.968249083 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.156428099 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.156477928 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.156488895 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.156564951 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.156768084 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.156861067 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.157325983 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.157346964 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.157401085 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.157408953 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.158363104 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.158387899 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.158423901 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.158431053 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.158456087 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.160583019 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.160607100 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.160644054 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.160653114 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.160665989 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.207387924 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.248601913 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.248668909 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.248712063 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.248743057 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.248755932 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.248789072 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.248859882 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.248903036 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.248930931 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.248938084 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.248966932 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.248980999 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.252963066 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.253002882 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.253046989 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.253053904 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.253078938 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.253096104 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.253123045 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.253166914 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.253192902 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.253199100 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.253227949 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.253238916 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.253715992 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.253760099 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.253792048 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.253798962 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.253825903 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.253846884 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.253854990 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.254482985 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.254532099 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.254554987 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.254563093 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.254590034 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.254628897 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.254667997 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.254693031 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.254699945 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.254733086 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.257112980 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.257159948 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.257190943 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.257198095 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.257210970 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.301222086 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.340653896 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.340717077 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.340764046 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.340779066 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.340811968 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.340823889 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.341092110 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.341150045 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.341166973 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.341190100 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.341221094 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.341239929 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.341629982 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.341670036 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.341708899 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.531806946 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.531825066 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.531968117 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.532011986 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.532028913 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.532032967 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.532059908 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.532079935 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.532430887 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.532448053 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.532506943 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.532511950 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.532588959 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.532768965 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.532790899 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.532864094 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.532870054 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.532912016 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.543843031 CEST4434972552.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.543934107 CEST49725443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.545636892 CEST49725443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.545660019 CEST4434972552.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.546037912 CEST4434972552.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.597907066 CEST49725443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.598850965 CEST49725443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.598891973 CEST49725443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.598907948 CEST4434972552.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.618844032 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.618876934 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.618952990 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.618980885 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.618994951 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.619019985 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.619221926 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.619235992 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.619282007 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.619287014 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.619313955 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.619324923 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.619642019 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.619709015 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.619715929 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.619751930 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.619781017 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.619796991 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.620059967 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.620111942 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.620117903 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.620130062 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.620165110 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.620430946 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.620503902 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.626676083 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.626729965 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.626765013 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.626773119 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.626782894 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.626908064 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.626923084 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.626966953 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.626972914 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.627000093 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.627213955 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.627228975 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.627275944 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.627283096 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.627306938 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.627660990 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.627684116 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.627739906 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.627746105 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.627862930 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.713579893 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.713598013 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.713663101 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.713687897 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.713732004 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.714345932 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.714373112 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.714409113 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.714413881 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.714442015 CEST49723443192.168.2.918.239.36.94
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:07.714456081 CEST4434972318.239.36.94192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.707031012 CEST49732443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.707056046 CEST4434973252.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.711615086 CEST49733443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.711642027 CEST4434973352.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.815596104 CEST4434973252.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.815721035 CEST4434973252.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.815774918 CEST49732443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.822602034 CEST4434973352.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.822770119 CEST4434973352.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.822846889 CEST49733443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.869045973 CEST49732443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.870034933 CEST49733443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.870338917 CEST49734443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.870368004 CEST4434973452.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.870887995 CEST49734443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.871191025 CEST49734443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.871201038 CEST4434973452.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.872026920 CEST49735443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.872051001 CEST4434973552.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.872136116 CEST49735443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.872415066 CEST49735443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:13.872423887 CEST4434973552.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.372942924 CEST4434973552.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.376791954 CEST4434973452.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.377413034 CEST49735443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.377445936 CEST4434973552.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.378295898 CEST49734443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.378323078 CEST4434973452.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.400126934 CEST49736443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.400162935 CEST4434973652.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.400253057 CEST49736443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.405535936 CEST49736443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.405546904 CEST4434973652.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.498348951 CEST4434973552.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.501373053 CEST49735443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.501410961 CEST4434973552.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.501514912 CEST4434973452.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.502090931 CEST49734443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.502130985 CEST4434973452.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.513036966 CEST49737443192.168.2.9188.114.96.3
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.513091087 CEST44349737188.114.96.3192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.513176918 CEST49737443192.168.2.9188.114.96.3
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.515789986 CEST49737443192.168.2.9188.114.96.3
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.515824080 CEST44349737188.114.96.3192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.670378923 CEST4434973452.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.670495987 CEST4434973452.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.670574903 CEST49734443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.671384096 CEST49734443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.672013998 CEST4434973552.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.672141075 CEST4434973552.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.672202110 CEST49735443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.672563076 CEST49735443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.976628065 CEST44349737188.114.96.3192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.976700068 CEST49737443192.168.2.9188.114.96.3
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.977823973 CEST49737443192.168.2.9188.114.96.3
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.977838039 CEST44349737188.114.96.3192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.978061914 CEST49737443192.168.2.9188.114.96.3
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:14.978070021 CEST44349737188.114.96.3192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.015583992 CEST4434973652.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.017679930 CEST49736443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.017707109 CEST4434973652.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.018714905 CEST49736443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.018722057 CEST4434973652.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.018851042 CEST49736443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.018856049 CEST4434973652.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.237224102 CEST44349737188.114.96.3192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.237302065 CEST49737443192.168.2.9188.114.96.3
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.237323046 CEST44349737188.114.96.3192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.237446070 CEST44349737188.114.96.3192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.237498045 CEST49737443192.168.2.9188.114.96.3
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.237498045 CEST49737443192.168.2.9188.114.96.3
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.240478992 CEST49737443192.168.2.9188.114.96.3
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.240505934 CEST44349737188.114.96.3192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.411519051 CEST4434973652.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.411643028 CEST4434973652.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.412291050 CEST49736443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.419629097 CEST49736443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.419656038 CEST4434973652.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:16.689018965 CEST49740443192.168.2.9188.114.96.3
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:16.689065933 CEST44349740188.114.96.3192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:16.689162016 CEST49740443192.168.2.9188.114.96.3
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:16.690063953 CEST49740443192.168.2.9188.114.96.3
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:16.690084934 CEST44349740188.114.96.3192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:46.298733950 CEST44349759172.67.35.220192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:46.479844093 CEST44349759172.67.35.220192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:46.479918957 CEST49759443192.168.2.9172.67.35.220
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:46.479950905 CEST44349759172.67.35.220192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:46.479988098 CEST49759443192.168.2.9172.67.35.220
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:46.480007887 CEST44349759172.67.35.220192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:46.480082035 CEST49759443192.168.2.9172.67.35.220
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:46.481308937 CEST49759443192.168.2.9172.67.35.220
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:46.481323957 CEST44349759172.67.35.220192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:46.868865013 CEST4975780192.168.2.9146.185.152.21
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:47.119322062 CEST8049757146.185.152.21192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:47.289300919 CEST8049757146.185.152.21192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:47.368005991 CEST4975780192.168.2.9146.185.152.21
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:48.305707932 CEST4975780192.168.2.9146.185.152.21
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:48.310780048 CEST8049757146.185.152.21192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:48.481350899 CEST8049757146.185.152.21192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:48.664849043 CEST4975780192.168.2.9146.185.152.21
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:55.256772995 CEST49766443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:55.256822109 CEST4434976652.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:55.257070065 CEST49766443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:55.257356882 CEST49766443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:55.257374048 CEST4434976652.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:55.904577017 CEST4434976652.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:55.904768944 CEST49766443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:55.906706095 CEST49766443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:55.906723022 CEST4434976652.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:55.907499075 CEST4434976652.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:55.908447027 CEST49766443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:55.908447027 CEST49766443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:55.908474922 CEST4434976652.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:56.158368111 CEST4434976652.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:56.158549070 CEST4434976652.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:56.158602953 CEST49766443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:56.159183979 CEST49766443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:56.159209013 CEST4434976652.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:56.246320963 CEST49767443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:56.246351957 CEST4434976752.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:56.246476889 CEST49767443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:56.247370958 CEST49767443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:56.247395039 CEST4434976752.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:56.586427927 CEST49768443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:56.586463928 CEST4434976852.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:56.586536884 CEST49768443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:56.590562105 CEST49769443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:56.590607882 CEST4434976952.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:56.590682030 CEST49769443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:56.875399113 CEST4434976752.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.071141958 CEST49767443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.101089001 CEST49767443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.101111889 CEST4434976752.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.107822895 CEST49767443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.107822895 CEST49767443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.107830048 CEST4434976752.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.107841969 CEST4434976752.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.343002081 CEST49768443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.343049049 CEST4434976852.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.344650030 CEST49769443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.344707012 CEST4434976952.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.362306118 CEST4434976752.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.362591982 CEST49767443192.168.2.952.37.69.68
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.825144053 CEST4434976952.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.825243950 CEST49769443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.826977015 CEST4434976852.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.827194929 CEST49768443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.867610931 CEST49769443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.867640972 CEST4434976952.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.867988110 CEST4434976952.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.910227060 CEST49768443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.910310984 CEST4434976852.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.910609007 CEST4434976852.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.914872885 CEST49769443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.937854052 CEST49769443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.938360929 CEST49768443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.980539083 CEST4434976852.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:57.984503984 CEST4434976952.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:58.045470953 CEST4434976852.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:58.045828104 CEST4434976952.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:58.048898935 CEST49769443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:58.048957109 CEST4434976952.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:58.059998035 CEST49768443192.168.2.952.204.15.254
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:58.060050964 CEST4434976852.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:58.158185959 CEST4434976952.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:58.158370018 CEST4434976952.204.15.254192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:26:04.543545008 CEST4434977752.37.69.68192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:26:15.125730991 CEST8049752208.95.112.1192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:26:15.125802994 CEST4975280192.168.2.9208.95.112.1
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:26:53.596019030 CEST8049757146.185.152.21192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:26:53.596144915 CEST4975780192.168.2.9146.185.152.21
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:27:09.197773933 CEST4975780192.168.2.9146.185.152.21
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:27:09.198204994 CEST4975280192.168.2.9208.95.112.1
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:27:09.198600054 CEST4979480192.168.2.9146.185.152.21
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:27:09.202675104 CEST8049757146.185.152.21192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:27:09.203016043 CEST8049752208.95.112.1192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:27:09.203392029 CEST8049794146.185.152.21192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:27:09.204474926 CEST4979480192.168.2.9146.185.152.21
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:27:09.204569101 CEST4979480192.168.2.9146.185.152.21
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:27:09.209331989 CEST8049794146.185.152.21192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:27:09.820563078 CEST8049794146.185.152.21192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:27:09.914983034 CEST4979480192.168.2.9146.185.152.21
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:27:10.837198973 CEST4979480192.168.2.9146.185.152.21
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:27:10.844904900 CEST8049794146.185.152.21192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:27:11.015481949 CEST8049794146.185.152.21192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:27:11.118206024 CEST4979480192.168.2.9146.185.152.21
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:27:12.024777889 CEST4979480192.168.2.9146.185.152.21
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:27:12.029838085 CEST8049794146.185.152.21192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:27:12.200270891 CEST8049794146.185.152.21192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:27:12.305620909 CEST4979480192.168.2.9146.185.152.21
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:28:17.201915979 CEST8049794146.185.152.21192.168.2.9
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:28:17.202133894 CEST4979480192.168.2.9146.185.152.21
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:09.267412901 CEST1.1.1.1192.168.2.90x5fc5No error (0)localweatherfree.com188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:09.267412901 CEST1.1.1.1192.168.2.90x5fc5No error (0)localweatherfree.com188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:11.662199020 CEST1.1.1.1192.168.2.90x9135No error (0)track.analytics-data.ioatom-production-collector-cyber-224812358.us-east-1.elb.amazonaws.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:11.662199020 CEST1.1.1.1192.168.2.90x9135No error (0)atom-production-collector-cyber-224812358.us-east-1.elb.amazonaws.com52.204.15.254A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:11.662199020 CEST1.1.1.1192.168.2.90x9135No error (0)atom-production-collector-cyber-224812358.us-east-1.elb.amazonaws.com44.199.83.23A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:11.662199020 CEST1.1.1.1192.168.2.90x9135No error (0)atom-production-collector-cyber-224812358.us-east-1.elb.amazonaws.com3.230.219.225A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.432893038 CEST1.1.1.1192.168.2.90xf688No error (0)sadownload.mcafee.comsadownload-r53.awsconsumer.mcafee.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:15.432893038 CEST1.1.1.1192.168.2.90xf688No error (0)sadownload-r53.awsconsumer.mcafee.comsadownload.mcafee.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:21.939656019 CEST1.1.1.1192.168.2.90x7084No error (0)sadownload.mcafee.comsadownload-r53.awsconsumer.mcafee.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:21.939656019 CEST1.1.1.1192.168.2.90x7084No error (0)sadownload-r53.awsconsumer.mcafee.comsadownload.mcafee.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:27.350512981 CEST1.1.1.1192.168.2.90x6bc4No error (0)d3cored83b0wp2.cloudfront.net18.173.206.96A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:27.350512981 CEST1.1.1.1192.168.2.90x6bc4No error (0)d3cored83b0wp2.cloudfront.net18.173.206.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:27.350512981 CEST1.1.1.1192.168.2.90x6bc4No error (0)d3cored83b0wp2.cloudfront.net18.173.206.112A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:27.350512981 CEST1.1.1.1192.168.2.90x6bc4No error (0)d3cored83b0wp2.cloudfront.net18.173.206.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:33.479428053 CEST1.1.1.1192.168.2.90x17b1No error (0)cheatengine.org172.67.35.220A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:33.479428053 CEST1.1.1.1192.168.2.90x17b1No error (0)cheatengine.org104.20.95.94A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:33.479428053 CEST1.1.1.1192.168.2.90x17b1No error (0)cheatengine.org104.20.94.94A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:39.420056105 CEST1.1.1.1192.168.2.90x24ebNo error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:45.196789980 CEST1.1.1.1192.168.2.90x71ebNo error (0)api.openweathermap.orgeu.api.openweathermap.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:45.196789980 CEST1.1.1.1192.168.2.90x71ebNo error (0)eu.api.openweathermap.org146.185.152.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:48.202919006 CEST1.1.1.1192.168.2.90x9ba1No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:48.202919006 CEST1.1.1.1192.168.2.90x9ba1No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:53.070014954 CEST1.1.1.1192.168.2.90x7ee1No error (0)sadownload.mcafee.comsadownload-r53.awsconsumer.mcafee.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:25:53.070014954 CEST1.1.1.1192.168.2.90x7ee1No error (0)sadownload-r53.awsconsumer.mcafee.comsadownload.mcafee.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:26:07.179120064 CEST1.1.1.1192.168.2.90x28cdNo error (0)analytics.apis.mcafee.commosaic-orio.apis.mcafee.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:26:07.179120064 CEST1.1.1.1192.168.2.90x28cdNo error (0)mosaic-orio.apis.mcafee.com52.40.48.56A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:26:07.179120064 CEST1.1.1.1192.168.2.90x28cdNo error (0)mosaic-orio.apis.mcafee.com44.226.229.162A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:26:07.179120064 CEST1.1.1.1192.168.2.90x28cdNo error (0)mosaic-orio.apis.mcafee.com52.37.69.68A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:26:07.179120064 CEST1.1.1.1192.168.2.90x28cdNo error (0)mosaic-orio.apis.mcafee.com54.149.154.10A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:26:07.179120064 CEST1.1.1.1192.168.2.90x28cdNo error (0)mosaic-orio.apis.mcafee.com52.36.210.252A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:26:07.179120064 CEST1.1.1.1192.168.2.90x28cdNo error (0)mosaic-orio.apis.mcafee.com52.10.161.213A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:26:07.179120064 CEST1.1.1.1192.168.2.90x28cdNo error (0)mosaic-orio.apis.mcafee.com54.188.207.95A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:26:07.179120064 CEST1.1.1.1192.168.2.90x28cdNo error (0)mosaic-orio.apis.mcafee.com52.32.251.56A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:26:09.469996929 CEST1.1.1.1192.168.2.90x34f4No error (0)sadownload.mcafee.comsadownload-r53.awsconsumer.mcafee.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jul 28, 2024 00:26:09.469996929 CEST1.1.1.1192.168.2.90x34f4No error (0)sadownload-r53.awsconsumer.mcafee.comsadownload.mcafee.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        • d3cored83b0wp2.cloudfront.net
                                                                                                                                                                                                                                                                        • shield.reasonsecurity.com
                                                                                                                                                                                                                                                                        • localweatherfree.com
                                                                                                                                                                                                                                                                        • track.analytics-data.io
                                                                                                                                                                                                                                                                        • cheatengine.org
                                                                                                                                                                                                                                                                        • ip-api.com
                                                                                                                                                                                                                                                                        • api.openweathermap.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 49752 | 208.95.112.1 | 80 | 7424 | C:\Program Files (x86)\WeatherZero\WeatherZero.exe
Timestamp | Bytes transferred | Direction | Data
Jul 28, 2024 00:25:39.517378092 CEST | 272 | OUT | GET /json/ HTTP/1.1
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36
                                                                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                                                        Host: ip-api.com
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
Jul 28, 2024 00:25:39.974970102 CEST | 482 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:25:39 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                        Content-Length: 305
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                        X-Ttl: 60
                                                                                                                                                                                                                                                                        X-Rl: 44
                                                                                                                                                                                                                                                                        Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.33"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.9 | 49757 | 146.185.152.21 | 80 | 7424 | C:\Program Files (x86)\WeatherZero\WeatherZero.exe
Timestamp | Bytes transferred | Direction | Data
Jul 28, 2024 00:25:45.203368902 CEST | 155 | OUT | GET /data/2.5/weather?zip=10123,us&units=imperial&appid=70297443c6fd8391e3fc4b7b0d344ae5 HTTP/1.1
                                                                                                                                                                                                                                                                        Host: api.openweathermap.org
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
Jul 28, 2024 00:25:45.847527981 CEST | 552 | IN | HTTP/1.1 429 Too Many Requests
                                                                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:25:45 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                        Content-Length: 197
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        X-Cache-Key: /data/2.5/weather?units=imperial&zip=10123,us
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: GET, POST
                                                                                                                                                                                                                                                                        Data Ascii: {"cod":429, "message": "Your account is temporary blocked due to exceeding of requests limitation of your subscription type. Please choose the proper subscription https://openweathermap.org/price"}
Jul 28, 2024 00:25:46.057533026 CEST | 552 | IN | HTTP/1.1 429 Too Many Requests
                                                                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:25:45 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                        Content-Length: 197
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        X-Cache-Key: /data/2.5/weather?units=imperial&zip=10123,us
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: GET, POST
                                                                                                                                                                                                                                                                        Data Ascii: {"cod":429, "message": "Your account is temporary blocked due to exceeding of requests limitation of your subscription type. Please choose the proper subscription https://openweathermap.org/price"}
Jul 28, 2024 00:25:46.868865013 CEST | 131 | OUT | GET /data/2.5/weather?zip=10123,us&units=imperial&appid=70297443c6fd8391e3fc4b7b0d344ae5 HTTP/1.1
                                                                                                                                                                                                                                                                        Host: api.openweathermap.org
Jul 28, 2024 00:25:47.289300919 CEST | 552 | IN | HTTP/1.1 429 Too Many Requests
                                                                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:25:47 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                        Content-Length: 197
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        X-Cache-Key: /data/2.5/weather?units=imperial&zip=10123,us
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: GET, POST
                                                                                                                                                                                                                                                                        Data Ascii: {"cod":429, "message": "Your account is temporary blocked due to exceeding of requests limitation of your subscription type. Please choose the proper subscription https://openweathermap.org/price"}
Jul 28, 2024 00:25:48.305707932 CEST | 131 | OUT | GET /data/2.5/weather?zip=10123,us&units=imperial&appid=70297443c6fd8391e3fc4b7b0d344ae5 HTTP/1.1
                                                                                                                                                                                                                                                                        Host: api.openweathermap.org
Jul 28, 2024 00:25:48.481350899 CEST | 552 | IN | HTTP/1.1 429 Too Many Requests
                                                                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:25:48 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                        Content-Length: 197
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        X-Cache-Key: /data/2.5/weather?units=imperial&zip=10123,us
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: GET, POST
                                                                                                                                                                                                                                                                        Data Ascii: {"cod":429, "message": "Your account is temporary blocked due to exceeding of requests limitation of your subscription type. Please choose the proper subscription https://openweathermap.org/price"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.9 | 49794 | 146.185.152.21 | 80 | 7424 | C:\Program Files (x86)\WeatherZero\WeatherZero.exe
Timestamp | Bytes transferred | Direction | Data
Jul 28, 2024 00:27:09.204569101 CEST | 131 | OUT | GET /data/2.5/weather?zip=10123,us&units=imperial&appid=70297443c6fd8391e3fc4b7b0d344ae5 HTTP/1.1
                                                                                                                                                                                                                                                                        Host: api.openweathermap.org
Jul 28, 2024 00:27:09.820563078 CEST | 552 | IN | HTTP/1.1 429 Too Many Requests
                                                                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:27:09 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                        Content-Length: 197
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        X-Cache-Key: /data/2.5/weather?units=imperial&zip=10123,us
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: GET, POST
                                                                                                                                                                                                                                                                        Data Ascii: {"cod":429, "message": "Your account is temporary blocked due to exceeding of requests limitation of your subscription type. Please choose the proper subscription https://openweathermap.org/price"}
Jul 28, 2024 00:27:10.837198973 CEST | 131 | OUT | GET /data/2.5/weather?zip=10123,us&units=imperial&appid=70297443c6fd8391e3fc4b7b0d344ae5 HTTP/1.1
                                                                                                                                                                                                                                                                        Host: api.openweathermap.org
Jul 28, 2024 00:27:11.015481949 CEST | 552 | IN | HTTP/1.1 429 Too Many Requests
                                                                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:27:10 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                        Content-Length: 197
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        X-Cache-Key: /data/2.5/weather?units=imperial&zip=10123,us
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: GET, POST
                                                                                                                                                                                                                                                                        Data Ascii: {"cod":429, "message": "Your account is temporary blocked due to exceeding of requests limitation of your subscription type. Please choose the proper subscription https://openweathermap.org/price"}
Jul 28, 2024 00:27:12.024777889 CEST | 131 | OUT | GET /data/2.5/weather?zip=10123,us&units=imperial&appid=70297443c6fd8391e3fc4b7b0d344ae5 HTTP/1.1
                                                                                                                                                                                                                                                                        Host: api.openweathermap.org
Jul 28, 2024 00:27:12.200270891 CEST | 552 | IN | HTTP/1.1 429 Too Many Requests
                                                                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:27:12 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                        Content-Length: 197
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        X-Cache-Key: /data/2.5/weather?units=imperial&zip=10123,us
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: GET, POST
                                                                                                                                                                                                                                                                        Data Ascii: {"cod":429, "message": "Your account is temporary blocked due to exceeding of requests limitation of your subscription type. Please choose the proper subscription https://openweathermap.org/price"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 49708 | 18.173.206.112 | 443 | 7432 | C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:24:28 UTC | 233 | OUT | POST /o HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: application/json; Charset=UTF-8
                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                                                                                                                                                                                                        Content-Length: 125
                                                                                                                                                                                                                                                                        Host: d3cored83b0wp2.cloudfront.net
                                                                                                                                                                                                                                                                        2024-07-27 22:24:28 UTC125OUTData Raw: 7b 22 70 72 76 22 3a 20 22 30 2e 31 22 2c 22 70 6c 76 22 3a 20 22 31 2e 33 34 2e 33 2e 38 33 34 31 22 2c 22 6c 22 3a 20 22 65 6e 22 2c 22 61 22 3a 20 22 63 68 65 61 74 65 6e 67 69 6e 65 22 2c 22 69 22 3a 20 22 63 68 65 61 74 65 6e 67 69 6e 65 22 2c 22 73 22 3a 20 22 63 68 65 61 74 65 6e 67 69 6e 65 22 2c 22 6f 22 3a 20 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 22 7d
                                                                                                                                                                                                                                                                        Data Ascii: {"prv": "0.1","plv": "1.34.3.8341","l": "en","a": "cheatengine","i": "cheatengine","s": "cheatengine","o": "10.0.19045.2006"}
                                                                                                                                                                                                                                                                        2024-07-27 22:24:28 UTC490INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                                                                        Content-Length: 15654
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Server: awselb/2.0
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:24:28 GMT
                                                                                                                                                                                                                                                                        cache-control: no-cache
                                                                                                                                                                                                                                                                        x-true-request-id: 6cac38a2-067e-41e4-b4e0-f0a10ddf6ce3
                                                                                                                                                                                                                                                                        x-robots-tag: none
                                                                                                                                                                                                                                                                        expires: Thu, 01 Jan 1970 00:00:00 GMT
                                                                                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                        Via: 1.1 7f26f4279546775ace8410d89a15a960.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                        X-Amz-Cf-Pop: FRA56-P12
                                                                                                                                                                                                                                                                        X-Amz-Cf-Id: eldZYkgwzPyk__mm4yznR6b_k6ogaVcB41nNkwyTkSvMldczkwGWCg==
                                                                                                                                                                                                                                                                        2024-07-27 22:24:28 UTC14291INData Raw: 7b 22 76 22 3a 22 30 2e 31 22 2c 22 6c 22 3a 22 55 53 22 2c 22 69 22 3a 7b 22 63 75 22 3a 22 22 2c 22 63 74 22 3a 22 22 2c 22 63 70 22 3a 22 22 2c 22 63 74 75 22 3a 22 22 2c 22 63 6c 22 3a 22 22 2c 22 63 68 22 3a 22 22 2c 22 63 61 22 3a 22 76 35 2e 38 33 22 2c 22 63 66 22 3a 22 22 2c 22 63 70 69 22 3a 22 22 2c 22 63 70 73 22 3a 22 22 2c 22 63 64 22 3a 22 22 2c 22 63 70 72 22 3a 22 22 2c 22 63 70 70 22 3a 22 22 2c 22 63 66 6c 22 3a 22 22 2c 22 63 6a 22 3a 22 2b 31 22 2c 22 63 62 22 3a 22 22 2c 22 63 6f 64 22 3a 22 22 2c 22 63 74 70 22 3a 22 22 2c 22 63 65 70 22 3a 22 22 7d 2c 22 66 22 3a 7b 22 6d 22 3a 33 2c 22 78 22 3a 22 32 30 32 35 2d 30 32 2d 32 37 54 32 32 3a 32 34 3a 32 38 2e 35 37 30 5a 22 2c 22 61 22 3a 22 63 64 63 32 22 2c 22 64 22 3a 22 31 30 33
                                                                                                                                                                                                                                                                        Data Ascii: {"v":"0.1","l":"US","i":{"cu":"","ct":"","cp":"","ctu":"","cl":"","ch":"","ca":"v5.83","cf":"","cpi":"","cps":"","cd":"","cpr":"","cpp":"","cfl":"","cj":"+1","cb":"","cod":"","ctp":"","cep":""},"f":{"m":3,"x":"2025-02-27T22:24:28.570Z","a":"cdc2","d":"103
                                                                                                                                                                                                                                                                        2024-07-27 22:24:28 UTC1363INData Raw: 6f 67 6c 65 5c 5c 55 70 64 61 74 65 5c 5c 43 6c 69 65 6e 74 53 74 61 74 65 5c 5c 7b 38 41 36 39 44 33 34 35 2d 44 35 36 34 2d 34 36 33 43 2d 41 46 46 31 2d 41 36 39 44 39 45 35 33 30 46 39 36 7d 5c 5c 62 72 61 6e 64 5c 5c 41 57 43 41 22 2c 22 47 6f 6f 67 6c 65 5c 5c 55 70 64 61 74 65 5c 5c 43 6c 69 65 6e 74 53 74 61 74 65 5c 5c 7b 38 41 36 39 44 33 34 35 2d 44 35 36 34 2d 34 36 33 43 2d 41 46 46 31 2d 41 36 39 44 39 45 35 33 30 46 39 36 7d 5c 5c 62 72 61 6e 64 5c 5c 41 57 43 42 22 2c 22 47 6f 6f 67 6c 65 5c 5c 55 70 64 61 74 65 5c 5c 43 6c 69 65 6e 74 53 74 61 74 65 5c 5c 7b 38 41 36 39 44 33 34 35 2d 44 35 36 34 2d 34 36 33 43 2d 41 46 46 31 2d 41 36 39 44 39 45 35 33 30 46 39 36 7d 5c 5c 62 72 61 6e 64 5c 5c 41 57 46 41 22 2c 22 47 6f 6f 67 6c 65 5c 5c
                                                                                                                                                                                                                                                                        Data Ascii: ogle\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\AWCA","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\AWCB","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\AWFA","Google\\


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.9 | 49709 | 18.173.206.112 | 443 | 7432 | C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:24:29 UTC | 326 | OUT | POST /zbd HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
Authorization: Signature=e0352f7c5ed3c1f9773e13e888c3d3327e9b930d88959235e161efa7ecf6d460
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Content-Length: 276
Host: d3cored83b0wp2.cloudfront.net
2024-07-27 22:24:29 UTC | 276 | OUT | Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20240727182427\",\"3\":\"cheatengine\",\"4\":\"cheatengine\",\"5\":\"\",\"18\":\"\",\"19\":\"\",\"21\":\"133\",\"6\":\"1\",\"7\":\"1.34.3.8341\",\"15\":0,\"
2024-07-27 22:24:30 UTC | 428 | IN | HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: close
Date: Sat, 27 Jul 2024 22:24:30 GMT
Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 741fa80e957b47e88235a1fa44ab4ea4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P12
X-Amz-Cf-Id: iBlh8AWOlg_8wd11koTdDSYISj1wXUdZ5KLfMXDdlUAU7T3JLAAxfA==
2024-07-27 22:24:30 UTC | 15 | IN | Data Ascii: {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.9 | 49710 | 18.173.206.112 | 443 | 7432 | C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:24:31 UTC | 149 | OUT | GET /f/RAV_Triple_NCB/images/DOTPS-855/EN.png HTTP/1.1
Connection: Keep-Alive
User-Agent: Inno Setup 6.1.2
Host: d3cored83b0wp2.cloudfront.net
2024-07-27 22:24:31 UTC | 571 | IN | HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 75974
Connection: close
Last-Modified: Sun, 11 Sep 2022 12:56:32 GMT
x-amz-meta-cb-modifiedtime: Sun, 11 Sep 2022 10:58:27 GMT
x-amz-version-id: mCoh4hrlqpNiFIHFPwsLWmtCICuCsWOt
Accept-Ranges: bytes
Server: AmazonS3
Date: Sat, 27 Jul 2024 04:21:35 GMT
ETag: "cd09f361286d1ad2622ba8a57b7613bd"
X-Cache: Hit from cloudfront
Via: 1.1 b44afb2a44376871c20edb8c123ed47c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P12
X-Amz-Cf-Id: R9g-kZFD7-ByAppnGN00UjY59C4csC4Sd_iRMm6Ai4-4JmmPZNMxQw==
Age: 69743


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.9 | 49711 | 18.173.206.112 | 443 | 7432 | C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:24:32 UTC | 139 | OUT | GET /f/WebAdvisor/images/943/EN.png HTTP/1.1
Connection: Keep-Alive
User-Agent: Inno Setup 6.1.2
Host: d3cored83b0wp2.cloudfront.net
2024-07-27 22:24:32 UTC | 512 | IN | HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 48743
Connection: close
Last-Modified: Wed, 23 Nov 2022 15:50:00 GMT
x-amz-version-id: RW9gnZViDqHn6sjOaRWUaFg5F2z0vnXM
Accept-Ranges: bytes
Server: AmazonS3
Date: Sat, 27 Jul 2024 04:17:52 GMT
ETag: "4cfff8dc30d353cd3d215fd3a5dbac24"
X-Cache: Hit from cloudfront
Via: 1.1 20ce720be9c31a6a95223700ba5f8724.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P12
X-Amz-Cf-Id: bnxjkbikvXQwVrzwVAtEJ-T6fyepfZmR6JYluqqd_4GoNd2PwLdbbQ==
Age: 69743


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.9 | 49712 | 18.173.206.112 | 443 | 7432 | C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:24:33 UTC | 326 | OUT | POST /zbd HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
Authorization: Signature=e0352f7c5ed3c1f9773e13e888c3d3327e9b930d88959235e161efa7ecf6d460
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Content-Length: 352
Host: d3cored83b0wp2.cloudfront.net
2024-07-27 22:24:33 UTC | 352 | OUT | Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20240727182427\",\"3\":\"cheatengine\",\"4\":\"cheatengine\",\"5\":\"Webcompanion2016FF\",\"18\":\"ZB_WebcompanionFF_new\",\"19\":\"\",\"21\":\"133\",\"6\":
2024-07-27 22:24:34 UTC | 428 | IN | HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: close
Date: Sat, 27 Jul 2024 22:24:34 GMT
Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 a9a00cd74e5659e3b49c7fab5dc2863a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P12
X-Amz-Cf-Id: ceDR_pPJxpmGC_hozniRFl1-fw7tFzNg0gaMLBWlc8OFnJqD0uvhpg==
2024-07-27 22:24:34 UTC | 15 | IN | Data Raw: 7b 22 53 74 61 74 75 73 22 3a 22 4f 4b 22 7d
Data Ascii: {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.9 | 49713 | 18.173.206.112 | 443 | 7432 | C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:24:35 UTC | 326 | OUT | POST /zbd HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
Authorization: Signature=e0352f7c5ed3c1f9773e13e888c3d3327e9b930d88959235e161efa7ecf6d460
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Content-Length: 339
Host: d3cored83b0wp2.cloudfront.net
2024-07-27 22:24:35 UTC | 339 | OUT | Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20240727182427\",\"3\":\"cheatengine\",\"4\":\"cheatengine\",\"5\":\"AVG_AV\",\"18\":\"ZB_AVG_AV_TrustPilot\",\"19\":\"\",\"21\":\"133\",\"6\":\"2\",\"7\":\
2024-07-27 22:24:35 UTC | 428 | IN | HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: close
Date: Sat, 27 Jul 2024 22:24:35 GMT
Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 8576ee57c8a84a61190d4c1b31b69a90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P12
X-Amz-Cf-Id: Q2i7aQZPgf2mQHZzaRRhqrwF0rz0-Y_wHUM1WkbVSpunuEmxMBMRoA==
2024-07-27 22:24:35 UTC | 15 | IN | Data Raw: 7b 22 53 74 61 74 75 73 22 3a 22 4f 4b 22 7d
Data Ascii: {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.9 | 49714 | 18.173.206.112 | 443 | 7432 | C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:24:36 UTC | 326 | OUT | POST /zbd HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
Authorization: Signature=e0352f7c5ed3c1f9773e13e888c3d3327e9b930d88959235e161efa7ecf6d460
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Content-Length: 344
Host: d3cored83b0wp2.cloudfront.net
2024-07-27 22:24:36 UTC | 344 | OUT | Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20240727182427\",\"3\":\"cheatengine\",\"4\":\"cheatengine\",\"5\":\"WebCompanionCHO\",\"18\":\"ZB_WCCHO_new_ISV\",\"19\":\"\",\"21\":\"133\",\"6\":\"2\",\"
2024-07-27 22:24:36 UTC | 428 | IN | HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: close
Date: Sat, 27 Jul 2024 22:24:36 GMT
Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 8d70d51432f10e2eca684af448a5f99e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P12
X-Amz-Cf-Id: T55DaGQQfmwwdD0HeUDRWYtEVblKqwmPaD6rukIfau5Mtgabs3udig==
2024-07-27 22:24:36 UTC | 15 | IN | Data Raw: 7b 22 53 74 61 74 75 73 22 3a 22 4f 4b 22 7d
Data Ascii: {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.9 | 49715 | 18.173.206.112 | 443 | 7432 | C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:24:38 UTC | 326 | OUT | POST /zbd HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
Authorization: Signature=e0352f7c5ed3c1f9773e13e888c3d3327e9b930d88959235e161efa7ecf6d460
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Content-Length: 334
Host: d3cored83b0wp2.cloudfront.net
2024-07-27 22:24:38 UTC | 334 | OUT | Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20240727182427\",\"3\":\"cheatengine\",\"4\":\"cheatengine\",\"5\":\"Avast_NCH\",\"18\":\"ZB_Avast_NCH\",\"19\":\"\",\"21\":\"133\",\"6\":\"2\",\"7\":\"1.34
2024-07-27 22:24:39 UTC | 428 | IN | HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: close
Date: Sat, 27 Jul 2024 22:24:39 GMT
Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 506bffda4b1949c4425629ce0bdce052.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P12
X-Amz-Cf-Id: bVjBGmFjzmqxpaO3MPrLGb_lL38T92xkWx_P7tTxSvZRPeJmALBfVQ==
2024-07-27 22:24:39 UTC | 15 | IN | Data Raw: 7b 22 53 74 61 74 75 73 22 3a 22 4f 4b 22 7d
Data Ascii: {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.9 | 49718 | 18.173.206.112 | 443 | 7432 | C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:24:40 UTC | 140 | OUT | GET /f/WeatherZero/images/969/EN.png HTTP/1.1
Connection: Keep-Alive
User-Agent: Inno Setup 6.1.2
Host: d3cored83b0wp2.cloudfront.net
2024-07-27 22:24:40 UTC | 512 | IN | HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 30586
Connection: close
Last-Modified: Thu, 08 Dec 2022 12:37:43 GMT
x-amz-version-id: MVrTExmvEQAJj6fAGLSH_gwH63ab4qxc
Accept-Ranges: bytes
Server: AmazonS3
Date: Sat, 27 Jul 2024 22:24:40 GMT
ETag: "9ac6287111cb2b272561781786c46cdd"
X-Cache: Hit from cloudfront
Via: 1.1 3f257ae011e1a2ab12346ea11fad9a18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P12
X-Amz-Cf-Id: LOkDgtjwtTT8VH09Nfsj48xkoVdzX1F7U4NrW2_cdQsi_GvHLwtFHw==
Age: 31671
2024-07-27 22:24:40 UTC | 16384 | IN | Data: [PNG image data]
2024-07-27 22:24:40 UTC | 14202 | IN | Data: [PNG image data, continued]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.9 | 49719 | 18.239.36.94 | 443 | 7432 | C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:24:55 UTC | 124 | OUT | GET /rsStubActivator.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Inno Setup 6.1.2
Host: shield.reasonsecurity.com
2024-07-27 22:24:55 UTC | 1137 | IN | HTTP/1.1 200 OK
Content-Type: application/x-msdownload
Content-Length: 33432
Connection: close
Date: Sat, 27 Jul 2024 22:24:55 GMT
ETag: W/"8298-H4WEu2RJc8KRS+6Smz0B//WeqyU"
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
                                                                                                                                                                                                                                                                        content-disposition: attachment; filename=rsStubActivator.exe
                                                                                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                        Via: 1.1 3c5b664ba8ab85923bc039b2acf98430.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                        X-Amz-Cf-Pop: AMS58-P2
                                                                                                                                                                                                                                                                        X-Amz-Cf-Id: 7XDaS81v79_hUfmJewk9G_ClSU2SSmUcsUhylnSNvJbOrmkT26Jb9A==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.9 | 49720 | 18.173.206.112 | 443 | 7432 | C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:24:56 UTC | 142 | OUT | GET /f/WebAdvisor/files/1489/saBSI.zip HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        User-Agent: Inno Setup 6.1.2
                                                                                                                                                                                                                                                                        Host: d3cored83b0wp2.cloudfront.net
2024-07-27 22:24:56 UTC | 629 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Content-Type: application/x-zip-compressed
                                                                                                                                                                                                                                                                        Content-Length: 527389
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Last-Modified: Tue, 26 Mar 2024 13:11:30 GMT
                                                                                                                                                                                                                                                                        x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                                                        x-amz-meta-cb-modifiedtime: Tue, 26 Mar 2024 13:10:42 GMT
                                                                                                                                                                                                                                                                        x-amz-version-id: 7sn0EuMWH3aYiKrbA4lOPgyoNDAU9iIf
                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                                                        Server: AmazonS3
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 12:06:07 GMT
                                                                                                                                                                                                                                                                        ETag: "f68008b70822bd28c82d13a289deb418"
                                                                                                                                                                                                                                                                        X-Cache: Hit from cloudfront
                                                                                                                                                                                                                                                                        Via: 1.1 24df21f8156a0df29febdf6c3e09e32c.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                        X-Amz-Cf-Pop: FRA56-P12
                                                                                                                                                                                                                                                                        X-Amz-Cf-Id: xLydGFXZCpSCTUhsbdR7IZU7S5qQhQrzICoCJ-h3l3c0NpDtPGPGPw==
                                                                                                                                                                                                                                                                        Age: 38350


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.9 | 49721 | 18.173.206.112 | 443 | 7432 | C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp

Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:24:58 UTC | 144 | OUT | GET /f/WeatherZero/files/969/WZSetup.zip HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Inno Setup 6.1.2
    Host: d3cored83b0wp2.cloudfront.net
2024-07-27 22:24:58 UTC | 520 | IN | HTTP/1.1 200 OK
    Content-Type: application/zip
    Content-Length: 6227973
    Connection: close
    Last-Modified: Thu, 08 Dec 2022 09:14:29 GMT
    x-amz-version-id: s20fxiZKNPOZhn5cscxnL4vQWeKpCNmb
    Accept-Ranges: bytes
    Server: AmazonS3
    Date: Sat, 27 Jul 2024 07:21:07 GMT
    ETag: "7cc0288a2a8bbe014f9e344f3068c8f1"
    X-Cache: Hit from cloudfront
    Via: 1.1 e23d0cd26e88be416569e15d7299b25c.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: FRA56-P12
    X-Amz-Cf-Id: zXR7txEMO4PbTS2wLtTBfwcQwxQxjWwjvldbfS-BZCXPmbrSp_XwZQ==
    Age: 54232


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.9 | 49722 | 18.173.206.112 | 443 | 7432 | C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp

Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:04 UTC | 326 | OUT | POST /zbd HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/json; Charset=UTF-8
    Accept: */*
    Authorization: Signature=e0352f7c5ed3c1f9773e13e888c3d3327e9b930d88959235e161efa7ecf6d460
    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
    Content-Length: 353
    Host: d3cored83b0wp2.cloudfront.net
2024-07-27 22:25:04 UTC | 353 | OUT | Data Raw: 7b 22 74 61 62 6c 65 22 3a 22 7a 62 5f 61 6e 61 6c 79 74 69 63 73 22 2c 22 64 61 74 61 22 3a 22 7b 5c 22 30 5c 22 3a 5c 22 5c 22 2c 5c 22 31 5c 22 3a 5c 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 5c 22 2c 5c 22 32 5c 22 3a 5c 22 32 30 32 34 30 37 32 37 31 38 32 34 32 37 5c 22 2c 5c 22 33 5c 22 3a 5c 22 63 68 65 61 74 65 6e 67 69 6e 65 5c 22 2c 5c 22 34 5c 22 3a 5c 22 63 68 65 61 74 65 6e 67 69 6e 65 5c 22 2c 5c 22 35 5c 22 3a 5c 22 52 41 56 5f 43 72 6f 73 73 5c 22 2c 5c 22 31 38 5c 22 3a 5c 22 5a 42 5f 52 41 56 5f 43 72 6f 73 73 5f 54 72 69 5f 4e 43 42 5c 22 2c 5c 22 31 39 5c 22 3a 5c 22 5c 22 2c 5c 22 32 31 5c 22 3a 5c 22 31 33 33 5c 22 2c 5c 22 36 5c 22 3a 5c 22 33 5c 22 2c 5c 22 37 5c
    Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20240727182427\",\"3\":\"cheatengine\",\"4\":\"cheatengine\",\"5\":\"RAV_Cross\",\"18\":\"ZB_RAV_Cross_Tri_NCB\",\"19\":\"\",\"21\":\"133\",\"6\":\"3\",\"7\
2024-07-27 22:25:04 UTC | 428 | IN | HTTP/1.1 200 OK
    Content-Type: application/json; charset=utf-8
    Content-Length: 15
    Connection: close
    Date: Sat, 27 Jul 2024 22:25:04 GMT
    Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
    Access-Control-Allow-Origin: *
    X-Cache: Miss from cloudfront
    Via: 1.1 ea7cd71b17e29a29176686830f1a76c4.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: FRA56-P12
    X-Amz-Cf-Id: SS5q3YTJPN0C3fk-8r349fUTnBxt_aVUOeFWBCjnp0tbmQJBeytQWg==
2024-07-27 22:25:04 UTC | 15 | IN | Data Raw: 7b 22 53 74 61 74 75 73 22 3a 22 4f 4b 22 7d
    Data Ascii: {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.9 | 49723 | 18.239.36.94 | 443 | 7912 | C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:05 UTC | 273 | OUT | GET /ReasonLabs-Setup-Wizard.exe?dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&is_silent=true&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&b=&se=true&oip=26&ptl=7&dta=true&pds=%5bepp%2cvpn%2cdns%5d HTTP/1.1
Host: shield.reasonsecurity.com
Connection: Keep-Alive
2024-07-27 22:25:05 UTC | 1149 | IN | HTTP/1.1 200 OK
Content-Type: application/x-msdownload
Content-Length: 2366456
Connection: close
Date: Sat, 27 Jul 2024 22:25:05 GMT
ETag: W/"241bf8-3vgoPcO+DtKilLOYESdbB6UJyW8"
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
content-disposition: attachment; filename=ReasonLabs-Setup-Wizard.exe
X-Cache: Miss from cloudfront
Via: 1.1 d53a72f970327ac790782b2a7692e5f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS58-P2
X-Amz-Cf-Id: WR_2Zr3HQiHs0yvA9Qgw_L1nybVBxdR5qL4JOrXTo_fhXeqgk0TyGQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.9 | 49724 | 18.173.206.112 | 443 | 7432 | C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:07 UTC | 326 | OUT | POST /zbd HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
Authorization: Signature=e0352f7c5ed3c1f9773e13e888c3d3327e9b930d88959235e161efa7ecf6d460
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Content-Length: 355
Host: d3cored83b0wp2.cloudfront.net
2024-07-27 22:25:07 UTC | 355 | OUT | Data Raw: 7b 22 74 61 62 6c 65 22 3a 22 7a 62 5f 61 6e 61 6c 79 74 69 63 73 22 2c 22 64 61 74 61 22 3a 22 7b 5c 22 30 5c 22 3a 5c 22 5c 22 2c 5c 22 31 5c 22 3a 5c 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 5c 22 2c 5c 22 32 5c 22 3a 5c 22 32 30 32 34 30 37 32 37 31 38 32 34 32 37 5c 22 2c 5c 22 33 5c 22 3a 5c 22 63 68 65 61 74 65 6e 67 69 6e 65 5c 22 2c 5c 22 34 5c 22 3a 5c 22 63 68 65 61 74 65 6e 67 69 6e 65 5c 22 2c 5c 22 35 5c 22 3a 5c 22 57 65 62 41 64 76 69 73 6f 72 5c 22 2c 5c 22 31 38 5c 22 3a 5c 22 5a 42 5f 57 65 62 41 64 76 69 73 6f 72 5f 56 33 5c 22 2c 5c 22 31 39 5c 22 3a 5c 22 5c 22 2c 5c 22 32 31 5c 22 3a 5c 22 31 33 33 5c 22 2c 5c 22 36 5c 22 3a 5c 22 33 5c 22 2c 5c 22 37 5c 22 3a 5c
Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20240727182427\",\"3\":\"cheatengine\",\"4\":\"cheatengine\",\"5\":\"WebAdvisor\",\"18\":\"ZB_WebAdvisor_V3\",\"19\":\"\",\"21\":\"133\",\"6\":\"3\",\"7\":\
2024-07-27 22:25:07 UTC | 428 | IN | HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: close
Date: Sat, 27 Jul 2024 22:25:07 GMT
Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 8d70d51432f10e2eca684af448a5f99e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P12
X-Amz-Cf-Id: EjOFpxrq60a3oMjj8xxO4l0Z7H0fzCIJ9M9R0PnlCO5CLWCwA3LHEg==
2024-07-27 22:25:07 UTC | 15 | IN | Data Raw: 7b 22 53 74 61 74 75 73 22 3a 22 4f 4b 22 7d
Data Ascii: {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.9 | 49725 | 52.37.69.68 | 443 | 7988 | C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:07 UTC | 232 | OUT | PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                                                                        User-Agent: SA
                                                                                                                                                                                                                                                                        X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI
                                                                                                                                                                                                                                                                        Content-Length: 311
                                                                                                                                                                                                                                                                        Host: analytics.apis.mcafee.com
2024-07-27 22:25:07 UTC | 311 | OUT | Data Ascii: {"Data":{"Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":"WIN","OS_Platform":"64","OS_Version":"10.0.19041.1889","Product_Version":"4.1.1.865","UUID":"{F42791BE-F67E-4B5D-9217-FB8C7D6374C4}","ea":"Process","ec":"BootStrapInstaller","el":"Started"
2024-07-27 22:25:07 UTC | 303 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:25:07 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/x-amz-json-1.1
                                                                                                                                                                                                                                                                        Content-Length: 16
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        x-amzn-RequestId: d63f67b0-ed93-b387-8920-11b3a1e66bd3
                                                                                                                                                                                                                                                                        x-amz-id-2: v7EEEHNFSpgn/n88UOxBFfXLJBdZ+T7zqsKqOkjspBRtll1yrO6VrMiPAfzXSCFuzkfJohbT1YreGMPNmb2PdFjUWkwn/ri/
2024-07-27 22:25:07 UTC | 16 | IN | Data Ascii: {"message":"ok"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.9 | 49726 | 52.37.69.68 | 443 | 7988 | C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:08 UTC | 232 | OUT | PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                                                                        User-Agent: SA
                                                                                                                                                                                                                                                                        X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI
                                                                                                                                                                                                                                                                        Content-Length: 311
                                                                                                                                                                                                                                                                        Host: analytics.apis.mcafee.com
2024-07-27 22:25:08 UTC | 311 | OUT | Data Ascii: {"Data":{"Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":"WIN","OS_Platform":"64","OS_Version":"10.0.19041.1889","Product_Version":"4.1.1.865","UUID":"{F42791BE-F67E-4B5D-9217-FB8C7D6374C4}","ea":"Install","ec":"BootStrapInstaller","el":"Started"
2024-07-27 22:25:08 UTC | 303 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:25:08 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/x-amz-json-1.1
                                                                                                                                                                                                                                                                        Content-Length: 16
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        x-amz-id-2: XmZLir5BusFCKXYUmkATUXze/eSvDwzgM07IqIiQwnXN8vrqFDyD0Da9DyvbWgRcxbnxRxRebErw43v2ySl8l+UIH/0WtfvU
                                                                                                                                                                                                                                                                        x-amzn-RequestId: e0824d12-fd32-e320-bf9d-3b160f0ae817
2024-07-27 22:25:08 UTC | 16 | IN | Data Ascii: {"message":"ok"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.9 | 49727 | 18.173.206.112 | 443 | 7432 | C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:08 UTC | 326 | OUT | POST /zbd HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: application/json; Charset=UTF-8
                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                        Authorization: Signature=e0352f7c5ed3c1f9773e13e888c3d3327e9b930d88959235e161efa7ecf6d460
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                                                                                                                                                                                                        Content-Length: 343
                                                                                                                                                                                                                                                                        Host: d3cored83b0wp2.cloudfront.net
2024-07-27 22:25:08 UTC | 343 | OUT | Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20240727182427\",\"3\":\"cheatengine\",\"4\":\"cheatengine\",\"5\":\"WeatherZero\",\"18\":\"ZB_WZ_V1\",\"19\":\"\",\"21\":\"133\",\"6\":\"3\",\"7\":\"1.34.3
2024-07-27 22:25:09 UTC | 428 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                        Content-Length: 15
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:25:09 GMT
                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                        Via: 1.1 daf01c71790f42e645ae4024c607941e.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                        X-Amz-Cf-Pop: FRA56-P12
                                                                                                                                                                                                                                                                        X-Amz-Cf-Id: PpdXDTO-6hmSEskYzDamQqqLKcLAnSxTfeUUcVAh2BIjnqsxQtSoCQ==
2024-07-27 22:25:09 UTC | 15 | IN | Data Ascii: {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.9 | 49729 | 188.114.96.3 | 443 | 8072 | C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:09 UTC | 208 | OUT | POST /forecast HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                        User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                                                                                                                                                                        Host: localweatherfree.com
                                                                                                                                                                                                                                                                        Content-Length: 279
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-07-27 22:25:09 UTC | 279 | OUT | Data Ascii: location=VPmWQQXZ7NymNi02Uj5WLwcVmL2ANYUGKZyCBITfV5hbmWaapKSMIzuQl%2BLrbbM5BBUZPEXB0eOaWnHVZ8dpW2SxFSSSg0GCYXb4VY9vnnoC%2FxjH7dekAWV%2FqJjMdXGZN1IjbiuXbB%2Bqc%2FtFc4oxPQ0LAbgJSLBTIwf%2BAlr12METH39GER%2FuwN6u3FaLYhCB9QjS6h%2BBssU6FItiFHxswphqC%2Bgxis9iFHvM
2024-07-27 22:25:10 UTC | 582 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:25:10 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lWsPvuBRCMVeJFX8l5J6cnM9nI4EWyGFwEFNThgwT%2BmZEpWZYnPDQteADKqAZxrzc006iiM1RoGxRYzrvHJUYMhZ2fhcHnEkoS07y3RgQuKMiDHvJzDsWodBSJVvdedQ%2FvNNJj2N4g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        CF-RAY: 8aa00b354f1019ff-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                        2024-07-27 22:25:10 UTC70INData Raw: 34 30 0d 0a 50 58 70 45 58 44 5a 75 5a 65 36 6f 41 68 55 52 33 4e 77 6c 47 64 30 2f 6a 2b 39 57 4d 77 38 78 31 41 36 6b 36 6f 6a 75 62 34 48 42 47 45 79 64 4d 68 51 79 59 47 6a 4f 47 6a 34 47 66 59 2f 53 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 40PXpEXDZuZe6oAhUR3NwlGd0/j+9WMw8x1A6k6ojub4HBGEydMhQyYGjOGj4GfY/S
2024-07-27 22:25:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.9 | 49730 | 188.114.96.3 | 443 | 8072 | C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:12 UTC | 208 | OUT | POST /forecast HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                        User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                                                                                                                                                                        Host: localweatherfree.com
                                                                                                                                                                                                                                                                        Content-Length: 277
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-07-27 22:25:12 UTC | 277 | OUT |
                                                                                                                                                                                                                                                                        Data Ascii: location=gC7EEFNVJfY9XReL3L87c0%2BUsmq%2FfkwlwdntNgsZBS6xkoP9Q8IgGPBeZ2NqA6cmXL97ZS3kla4x5dUchOIOpWLfZzsdbabseBzYAcuok1zy1Mc55Z3Yl6jxF%2FvdUZQgX6rizo0EjjEMqR0iWH8FA9RbF11w5%2BPUYkI3kTsOhMQuKxfFCH6ksa%2B3rZ6pL6w%2BS2v4FQjwKJ0zqUoV%2F25of7DOXsnF0j5PvIQqM9a%
2024-07-27 22:25:13 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:25:12 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ffnLLQvKHyrq2Bhz5kM8Rr2aMC4anBmpLpL01YVLGCWfOx73RFsxYXSR9zGC3UfOwWNkmnf54Z%2B%2FKwPJHsm09Bx338GE1mxrela2y8vPFVIGTwKkxfUXXUrTyaxs%2BG9H9vv98Rz2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        CF-RAY: 8aa00b42fd357280-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
2024-07-27 22:25:13 UTC | 70 | IN |
                                                                                                                                                                                                                                                                        Data Ascii: 40Py+QNcmeVW2wORDPyRIA/FSvTWqKxLAxfXfU5Yl6YvPkgxp0O22OaxH0aiBj7eer
2024-07-27 22:25:13 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.9 | 49733 | 52.204.15.254 | 443 | 8164 | C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:13 UTC | 186 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                        Accept: application/json
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                        Host: track.analytics-data.io
                                                                                                                                                                                                                                                                        Content-Length: 1905
                                                                                                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                                                                                                        Connection: Close
2024-07-27 22:25:13 UTC | 25 | IN | HTTP/1.1 100 Continue
2024-07-27 22:25:13 UTC | 1905 | OUT |
                                                                                                                                                                                                                                                                        Data Ascii: {"stream":"digital_solutions_cyber_rav_client_installs","data":"7R3VuwmsQpF0ErarnxHqBRcn0+FDcCPFV0gnrJ8\/oHJ5Osou1JYnHrHGJaOlwOGdSusBLu6srrzbRjUcYdmrQeZe2tc4HN9XihVAKeC1WXYs7CF7zH+xvYie6HdkBy3MfusqM47EzIwhfNcx4S+if+c7aDp951aBjpqnfLCisSYn8IIGFebbKk4LXDEGNn
2024-07-27 22:25:13 UTC | 245 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:25:13 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                        Content-Length: 15
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
                                                                                                                                                                                                                                                                        {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.9 | 49732 | 52.204.15.254 | 443 | 8164 | C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:13 UTC | 186 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                        Accept: application/json
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                        Host: track.analytics-data.io
                                                                                                                                                                                                                                                                        Content-Length: 1954
                                                                                                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                                                                                                        Connection: Close
2024-07-27 22:25:13 UTC | 25 | IN | HTTP/1.1 100 Continue
2024-07-27 22:25:13 UTC | 1954 | OUT |
                                                                                                                                                                                                                                                                        Data Ascii: {"stream":"digital_solutions_cyber_rav_client_installs","data":"U0xOxo2T4IiTQ4wMDd+Y\/3EfHOLFXBq+0xLdnAQHn8eeCZOShrD3oqdmD6vTututIvsx1Tf0Nww0ktCB2JWr\/+O4xVLuRrvQPJaoYGwMNal1GtF5nEvK+Z6\/a9iiBFqNCJx8rC1MGMEgnEPW4N8wU8uXIbDfKVxcte5SddPqLEsWRiyGT5KfoIciCxA6
2024-07-27 22:25:13 UTC | 245 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:25:13 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                        Content-Length: 15
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
                                                                                                                                                                                                                                                                        {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.9 | 49735 | 52.204.15.254 | 443 | 8164 | C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:14 UTC | 186 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                        Accept: application/json
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                        Host: track.analytics-data.io
                                                                                                                                                                                                                                                                        Content-Length: 1923
                                                                                                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                                                                                                        Connection: Close
2024-07-27 22:25:14 UTC | 25 | IN | HTTP/1.1 100 Continue
2024-07-27 22:25:14 UTC | 1923 | OUT |
                                                                                                                                                                                                                                                                        Data Ascii: {"stream":"digital_solutions_cyber_rav_client_installs","data":"Ogfa15v+WFWqZRAybholXEuHzr4ZQa7rn+i2aD7TkMZTeL0k4jmyr6nTRtdVTsykMFiIGEdRHRhIlS8z4EJDBK51noaFJiE0+cSwX7AWAgVkPQTgEx5db6MkQbWmb+4EU59a0evOKPP3ZCjP5a+YfNeLMXrFtiCLjIfuKdGn+1kXFkG75GmXaoIdX+sCNTh
2024-07-27 22:25:14 UTC | 245 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:25:14 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                        Content-Length: 15
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
                                                                                                                                                                                                                                                                        {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.9 | 49734 | 52.204.15.254 | 443 | 8164 | C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:14 UTC | 186 | OUT | POST / HTTP/1.1
Accept: application/json
Content-Type: application/json; charset=utf-8
Host: track.analytics-data.io
Content-Length: 1953
Expect: 100-continue
Connection: Close
2024-07-27 22:25:14 UTC | 25 | IN | HTTP/1.1 100 Continue
2024-07-27 22:25:14 UTC | 1953 | OUT |
                                                                                                                                                                                                                                                                        Data Ascii: {"stream":"digital_solutions_cyber_rav_client_installs","data":"VNoGPeEBRW5ixLQJb\/D6e0q8vdJsIBDq6vXDYsZQirnTq+GbfriBxNG81SNw1\/DCwZ2GrUPhgBgQwK1fvbxAKUZLyPG2VbZPNScO8LjrOrKodZE1LCU4ip9iJPAQVQLRpRQHgrxePjhuSGyr3+IQ4R1ESnZ9JYlYrFEEqdKAvL\/Mt2Iy0Z2F0jIh23eh
2024-07-27 22:25:14 UTC | 245 | IN | HTTP/1.1 200 OK
Date: Sat, 27 Jul 2024 22:25:14 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
{"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.9 | 49737 | 188.114.96.3 | 443 | 8072 | C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:14 UTC | 208 | OUT | POST /forecast HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: localweatherfree.com
Content-Length: 269
Connection: Keep-Alive
Cache-Control: no-cache
2024-07-27 22:25:14 UTC | 269 | OUT |
                                                                                                                                                                                                                                                                        Data Ascii: location=32kB5t02v%2FlUuWnLWRKhNKpg%2Fi7w947mUg75BtxgJZJoRVLI4DJork8ThpNXc%2F0yBkAljIwdZIqwSEPb0ACjZy0yO7Sb7KsO704%2Fa2H4kTsO22GMA2QA40xsQsZwiufhdYvUaLBRkxDj8oGv2DrTSvHoidf2TkXTT8FiPVWy4BIGGYE0FjqKGzm3pFA1vz5eIv6lNHjlcg79Cvh6Fr0Soa43IxDn0v8R5pb7EohjyjBd8r
2024-07-27 22:25:15 UTC | 592 | IN | HTTP/1.1 200 OK
Date: Sat, 27 Jul 2024 22:25:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lrXmSQrf%2B6vAddZj2Enmc%2FaNWK8GXWwMpd24WMkJt73rSzOrOUY1VHJTPkhD%2FhVq1iaNweXebJ%2B%2FcSXv%2BfxeU0FwLTH2eKXZ2yJUgV92UPZJcq%2BsZjB4JR29xl1urW2bf2jPbYc1Og%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8aa00b552a4c8cdc-EWR
alt-svc: h3=":443"; ma=86400
2024-07-27 22:25:15 UTC | 70 | IN | Data Raw: 34 30 0d 0a 56 78 76 57 42 44 34 35 33 72 47 4e 6b 4d 6e 4c 50 52 74 2f 6c 34 78 6d 65 37 79 52 5a 44 59 5a 6e 38 33 6c 2b 38 6a 34 63 77 38 4d 4e 78 49 61 34 4e 2f 63 59 7a 51 6a 52 46 63 59 49 63 61 67 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 40VxvWBD453rGNkMnLPRt/l4xme7yRZDYZn83l+8j4cw8MNxIa4N/cYzQjRFcYIcag
2024-07-27 22:25:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.9 | 49736 | 52.37.69.68 | 443 | 7988 | C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:15 UTC | 232 | OUT | PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
User-Agent: SA
X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI
Content-Length: 336
Host: analytics.apis.mcafee.com
2024-07-27 22:25:15 UTC | 336 | OUT |
                                                                                                                                                                                                                                                                        Data Ascii: {"Data":{"Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":"WIN","OS_Platform":"64","OS_Version":"10.0.19041.1889","Product_Version":"4.1.1.865","UUID":"{F42791BE-F67E-4B5D-9217-FB8C7D6374C4}","ea":"PaidDistribution=true","ec":"InputParameters","el
2024-07-27 22:25:15 UTC | 303 | IN | HTTP/1.1 200 OK
Date: Sat, 27 Jul 2024 22:25:15 GMT
Content-Type: application/x-amz-json-1.1
Content-Length: 16
Connection: close
x-amzn-RequestId: ebbc4388-3e93-312b-b4a3-35838c91f2f9
                                                                                                                                                                                                                                                                        x-amz-id-2: N7+UEnAnBJsyWwMOT2WwDKhv+gznzgLqf8GsnQ4ooiFsf6PR+27ay25l26JFjWPlnW5zTx11s2Ir9Jubk0EPF1SEzsdJxjMI
2024-07-27 22:25:15 UTC | 16 | IN | Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 22 6f 6b 22 7d
Data Ascii: {"message":"ok"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.9 | 49740 | 188.114.96.3 | 443 | 8072 | C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:17 UTC | 208 | OUT | POST /forecast HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: localweatherfree.com
Content-Length: 271
Connection: Keep-Alive
Cache-Control: no-cache
2024-07-27 22:25:17 UTC | 271 | OUT |
                                                                                                                                                                                                                                                                        Data Ascii: location=xW0Q4KYtUjOGdYVgknOHfFgGY3SE3DhS679lxIJhl9WpX2zDj%2BEtOoi1vmoGgkF6UaD045eikEf%2FULDOS2bsj9%2F4Hj1UpeAIU364TEc1qphNUTgbRhUj%2F2SWVfZXXBYzD3ixgaE6Y1wFENFfc8OI0A%2FHjiN1mys6wMsQoBTcCqozTdBxi83cQcLLHowtADxIxk7U895uKhgENGOdON5kjO4R5zU35xMBrIImmkjp0FQl
2024-07-27 22:25:17 UTC | 590 | IN | HTTP/1.1 200 OK
Date: Sat, 27 Jul 2024 22:25:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8ZN2vUlpq7jwQ3TLd9BBMtGfBN%2BhrvPia4NZNJw9B5TLK2%2B7CH%2FkGTkQaVEoZsMhsl9m3QzNyvi4b32u2ZO4JIkoTP14M2WvLEwt7%2FfqenuHj3S7NcoyQpjrqEwBruONJ2%2F%2BBcM0vg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        CF-RAY: 8aa00b62fea8432b-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
2024-07-27 22:25:17 UTC | 70 | IN | Data Raw: 34 30 0d 0a 6d 44 32 70 50 4b 43 66 55 6e 47 6b 55 46 30 51 69 64 41 51 70 2f 45 36 5a 44 6e 63 47 55 54 5a 4a 72 6a 6c 61 6c 6a 37 74 6d 49 64 7a 66 4f 2f 7a 4c 37 48 49 79 66 33 44 52 38 39 33 6a 62 44 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 40mD2pPKCfUnGkUF0QidAQp/E6ZDncGUTZJrjlalj7tmIdzfO/zL7HIyf3DR893jbD
2024-07-27 22:25:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.9 | 49745 | 188.114.96.3 | 443 | 8072 | C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:22 UTC | 208 | OUT | POST /forecast HTTP/1.1
                                                                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                        User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                                                                                                                                                                        Host: localweatherfree.com
                                                                                                                                                                                                                                                                        Content-Length: 279
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-07-27 22:25:22 UTC | 279 | OUT | Data Ascii: location=iTJgMOlnSusuXtijzQnm4ZHNj%2FtDF0FzBx%2B%2BXrVbWyLHK26vfccHbSiwdQ4JkYx%2Fg71B6dszehrzRhVtxCUg2uqqDcuvy8QFkeru4S53NRz06RCr2nVVGoviVMhuxMJBcK6AoPwRo7BsNZZkb1vIU6OGaXSFc2U2Vi5fuA6%2F1RywnuvZJ2hdd6wyd7O0LAiIz99vjhcDbqd%2BE3slSQPwTz0Q%2F%2FXdttkAdh4%2B
2024-07-27 22:25:22 UTC | 586 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:25:22 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GfS%2BDEFCfmrpxT7bzt34jhvjI4dMygDjXW7mKGorXn%2B8yoSHv4i%2BSouWofReMdMHuOPhgMgb0oMueZo2RFjys79FdhJEJVcxbNHEOR%2FcSQyF9JUXrzYsV0qzMzJHK9KhjhBoCVMzWA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        CF-RAY: 8aa00b83d8ca0fa9-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
2024-07-27 22:25:22 UTC | 70 | IN | Data Raw: 34 30 0d 0a 4b 6b 4b 57 39 4e 31 48 51 69 70 57 4f 6f 44 38 52 32 50 58 75 4c 39 36 35 64 33 58 50 6f 74 57 47 4d 47 55 67 39 50 6f 71 34 70 79 53 58 70 59 41 69 5a 6d 36 4d 65 6f 6b 36 61 6a 35 37 6b 41 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 40KkKW9N1HQipWOoD8R2PXuL965d3XPotWGMGUg9Poq4pySXpYAiZm6Meok6aj57kA
2024-07-27 22:25:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.9 | 49747 | 52.37.69.68 | 443 | 7988 | C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:24 UTC | 232 | OUT | PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                                                                        User-Agent: SA
                                                                                                                                                                                                                                                                        X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI
                                                                                                                                                                                                                                                                        Content-Length: 507
                                                                                                                                                                                                                                                                        Host: analytics.apis.mcafee.com
2024-07-27 22:25:24 UTC | 507 | OUT | Data Ascii: {"Data":{"Affid":"91088","Country_Code":"US","Distribution_SubID":"UNDEFINED","Install_ID":"UNDEFINED","Install_Loudness":"Silent","Install_Source":"PaidDistribution","Ironsource_Pixel":"UNDEFINED","Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":
2024-07-27 22:25:24 UTC | 303 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:25:24 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/x-amz-json-1.1
                                                                                                                                                                                                                                                                        Content-Length: 16
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        x-amz-id-2: rPGDqMpIVxrweyqand9VOQ7GAkY2LlSOoa6+SGeq1NgI2ansM9rZOESTGylqRlpc7xtei3yD2bB7acO6qZe2JEeXOLyTa6GH
                                                                                                                                                                                                                                                                        x-amzn-RequestId: faafee66-a448-f075-a5b0-98727cf86ec4
2024-07-27 22:25:24 UTC | 16 | IN | Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 22 6f 6b 22 7d
                                                                                                                                                                                                                                                                        Data Ascii: {"message":"ok"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.9 | 49750 | 18.173.206.96 | 443 | 7432 | C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:28 UTC | 326 | OUT | POST /zbd HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: application/json; Charset=UTF-8
                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                        Authorization: Signature=e0352f7c5ed3c1f9773e13e888c3d3327e9b930d88959235e161efa7ecf6d460
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                                                                                                                                                                                                        Content-Length: 298
                                                                                                                                                                                                                                                                        Host: d3cored83b0wp2.cloudfront.net
2024-07-27 22:25:28 UTC | 298 | OUT | Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20240727182427\",\"3\":\"cheatengine\",\"4\":\"cheatengine\",\"5\":\"CheatEngine\",\"18\":\"\",\"19\":\"\",\"21\":\"133\",\"6\":\"3\",\"7\":\"1.34.3.8341\",
2024-07-27 22:25:28 UTC | 428 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                        Content-Length: 15
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:25:28 GMT
                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                        Via: 1.1 6331d4bbb4ca00ba6bb24a0730ab986c.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                        X-Amz-Cf-Pop: FRA56-P12
                                                                                                                                                                                                                                                                        X-Amz-Cf-Id: emLlmaTmKebLa6G8-_gox-Qs7HqPRywUuhnXB59CMVncL3lFOIqtDg==
2024-07-27 22:25:28 UTC | 15 | IN | Data Raw: 7b 22 53 74 61 74 75 73 22 3a 22 4f 4b 22 7d
                                                                                                                                                                                                                                                                        Data Ascii: {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.9 | 49751 | 172.67.35.220 | 443 | 6784 | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:45 UTC | 106 | OUT | GET /cesharelist.txt HTTP/1.1
                                                                                                                                                                                                                                                                        User-Agent: Cheat Engine 7.5 : luascript-ceshare
                                                                                                                                                                                                                                                                        Host: cheatengine.org
2024-07-27 22:25:45 UTC | 286 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:25:45 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                                                                        Content-Length: 310
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                                                        ETag: "3727957928"
                                                                                                                                                                                                                                                                        Last-Modified: Mon, 04 Jul 2022 23:46:20 GMT
                                                                                                                                                                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                        CF-RAY: 8aa00c136e7142e5-EWR
                                                                                                                                                                                                                                                                        2024-07-27 22:25:45 UTC310INData Raw: 23 69 66 20 79 6f 75 20 77 69 73 68 20 74 6f 20 61 64 64 20 79 6f 75 72 20 73 65 72 76 65 72 20 68 65 72 65 20 74 68 65 6e 20 6d 61 69 6c 20 64 61 72 6b 5f 62 79 74 65 40 68 6f 74 6d 61 69 6c 2e 63 6f 6d 20 6f 72 20 70 6d 20 6d 65 20 61 74 20 66 6f 72 75 6d 2e 63 68 65 61 74 65 6e 67 69 6e 65 2e 6f 72 67 20 2c 20 6f 72 20 6d 65 73 73 61 67 65 20 6d 65 20 6f 6e 20 64 69 73 63 6f 72 64 28 44 42 23 32 37 38 30 29 20 0a 68 74 74 70 73 3a 2f 2f 66 65 61 72 6c 65 73 73 72 65 76 6f 6c 75 74 69 6f 6e 2e 63 6f 6d 2f 63 65 73 68 61 72 65 2f 20 23 2d 23 20 46 65 61 72 6c 65 73 73 20 72 65 76 6f 6c 75 74 69 6f 6e 20 28 66 65 61 72 6c 65 73 73 72 65 76 6f 6c 75 74 69 6f 6e 2e 63 6f 6d 29 0a 23 68 74 74 70 73 3a 2f 2f 6c 6f 63 61 6c 68 6f 73 74 2f 63 65 73 68 61 72 65
                                                                                                                                                                                                                                                                        Data Ascii: #if you wish to add your server here then mail dark_byte@hotmail.com or pm me at forum.cheatengine.org , or message me on discord(DB#2780) https://fearlessrevolution.com/ceshare/ #-# Fearless revolution (fearlessrevolution.com)#https://localhost/ceshare


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.9 | 49759 | 172.67.35.220 | 443 | 6784 | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:46 UTC | 115 | OUT | GET /latestversion.txt HTTP/1.1
User-Agent: Cheat Engine 7.5 : luascript-CEVersionCheck
Host: cheatengine.org
2024-07-27 22:25:46 UTC | 284 | IN | HTTP/1.1 200 OK
Date: Sat, 27 Jul 2024 22:25:46 GMT
Content-Type: text/plain
Content-Length: 25
Connection: close
Accept-Ranges: bytes
ETag: "865367632"
Last-Modified: Tue, 14 Feb 2023 10:07:05 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 8aa00c18bd9d558a-EWR
2024-07-27 22:25:46 UTC | 25 | IN | Data Ascii:
1970346311818503
7.5
7.5


Session ID | Source IP | Source Port | Destination IP | Destination Port
32 | 192.168.2.9 | 49766 | 52.37.69.68 | 443
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:55 UTC | 232 | OUT | PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
User-Agent: SA
X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI
Content-Length: 419
Host: analytics.apis.mcafee.com
2024-07-27 22:25:55 UTC | 419 | OUT | Data Ascii: {"Data":{"Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":"WIN","OS_Platform":"64","OS_Version":"10.0.19041.1889","Product_Version":"4.1.1.914","UUID":"{F42791BE-F67E-4B5D-9217-FB8C7D6374C4}","ea":"Completed","ec":"Installer","el":"0","r2":"","r3"
2024-07-27 22:25:56 UTC | 303 | IN | HTTP/1.1 200 OK
Date: Sat, 27 Jul 2024 22:25:56 GMT
Content-Type: application/x-amz-json-1.1
Content-Length: 16
Connection: close
x-amz-id-2: KuB1TW95uf4N4w2AdhIz7MA+zZKBJ0SDKctBsHtTbwSR3bYAwX/wsFRMDLcRdvYWVUmuysMEWBusE/3398CV4IqberLz5iKf
x-amzn-RequestId: f1daf9ec-ca61-1430-aec5-8fd8b13451be
2024-07-27 22:25:56 UTC | 16 | IN | Data Ascii: {"message":"ok"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.9 | 49767 | 52.37.69.68 | 443 | 7988 | C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:57 UTC | 232 | OUT | PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
User-Agent: SA
X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI
Content-Length: 501
Host: analytics.apis.mcafee.com
2024-07-27 22:25:57 UTC | 501 | OUT | Data Ascii: {"Data":{"Affid":"91088","Country_Code":"US","Distribution_SubID":"UNDEFINED","Install_ID":"UNDEFINED","Install_Loudness":"Silent","Install_Source":"PaidDistribution","Ironsource_Pixel":"UNDEFINED","Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":
2024-07-27 22:25:57 UTC | 303 | IN | HTTP/1.1 200 OK
Date: Sat, 27 Jul 2024 22:25:57 GMT
Content-Type: application/x-amz-json-1.1
Content-Length: 16
Connection: close
x-amz-id-2: EOeHN54bbgBm0hDH/m7NqxuqSYY76wUMHqUnY8ENe6pkyIEEh9gpZubQA5RYfnkFTFYDi/lJtzwHfdNN0G7yCatEvvZyoMb4
x-amzn-RequestId: c4ae5984-914b-3156-9bb1-2fb146f82bd8
2024-07-27 22:25:57 UTC | 16 | IN | Data Ascii: {"message":"ok"}


Session ID | Source IP | Source Port | Destination IP | Destination Port
34 | 192.168.2.9 | 49769 | 52.204.15.254 | 443
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:57 UTC | 186 | OUT | POST / HTTP/1.1
Accept: application/json
Content-Type: application/json; charset=utf-8
Host: track.analytics-data.io
Content-Length: 1935
Expect: 100-continue
Connection: Close
2024-07-27 22:25:58 UTC | 25 | IN | HTTP/1.1 100 Continue
2024-07-27 22:25:58 UTC | 1935 | OUT | Data Ascii: {"stream":"digital_solutions_cyber_rav_client_installs","data":"3iHr9exPina0H0I7LFZmt1XmO4MVBTdqJCEXVEZkYdYVuW0DIuRWLyw7kAUnbAYJj\/V719sONSmGKg2nsesMUGl6IWr6VsR\/pV01SeUbItQxMiggWRgdWgwCQ21OMn9JVkPqIsUrS7Lbiayu63sZe1stDyDI01z1CJDL3CbQa648yqarr2GXc5o4Uzivw
2024-07-27 22:25:58 UTC | 245 | IN | HTTP/1.1 200 OK
Date: Sat, 27 Jul 2024 22:25:58 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
{"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port
35 | 192.168.2.9 | 49768 | 52.204.15.254 | 443
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:57 UTC | 186 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                        Accept: application/json
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                        Host: track.analytics-data.io
                                                                                                                                                                                                                                                                        Content-Length: 1905
                                                                                                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                                                                                                        Connection: Close
2024-07-27 22:25:58 UTC | 25 | IN | HTTP/1.1 100 Continue
2024-07-27 22:25:58 UTC | 1905 | OUT |
                                                                                                                                                                                                                                                                        Data Ascii: {"stream":"digital_solutions_cyber_rav_client_installs","data":"ADbpAqKMPK2JCifSlNUY0xEWcU0rZs0yDKqh87IPvfx+Y7tMWdA0kjaAyAai3uJErFBlLfpSwoapA+wuvnAXa7YU5kV5ZGq6ahC8vxpDBGzjGwHyNxoVjhAiqOSfLHSSGOyACcAFVhhfn5XnszQ2gosCoDcPdL4iHKH919kO93NkmkjBPvvWdq2CyfjfSIk
2024-07-27 22:25:58 UTC | 245 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:25:58 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                        Content-Length: 15
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
                                                                                                                                                                                                                                                                        {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port
36 | 192.168.2.9 | 49771 | 52.204.15.254 | 443
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:58 UTC | 186 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                        Accept: application/json
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                        Host: track.analytics-data.io
                                                                                                                                                                                                                                                                        Content-Length: 1934
                                                                                                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                                                                                                        Connection: Close
2024-07-27 22:25:58 UTC | 25 | IN | HTTP/1.1 100 Continue
2024-07-27 22:25:58 UTC | 1934 | OUT |
                                                                                                                                                                                                                                                                        Data Ascii: {"stream":"digital_solutions_cyber_rav_client_installs","data":"XdEH36b23BCZfQ3256BpM28oYYipNTbnxi265hBZai+7IICRpwhAxlF4hE76XrKxhJJKS5AlcuCdfJ7U7c0Nz8p9hwhBtWbCkhQcRUsN6fHYJkyx27I8I+QMN32nneXew+59IccUttFDSpz3nWuB16Lds8hQDB6KQ+eRDJdrfJae4FMFJiLXBgLYAirS2l9
2024-07-27 22:25:59 UTC | 245 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:25:59 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                        Content-Length: 15
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
                                                                                                                                                                                                                                                                        {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.9 | 49772 | 52.37.69.68 | 443 | 7988 | C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:25:59 UTC | 232 | OUT | PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                                                                        User-Agent: SA
                                                                                                                                                                                                                                                                        X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI
                                                                                                                                                                                                                                                                        Content-Length: 595
                                                                                                                                                                                                                                                                        Host: analytics.apis.mcafee.com
2024-07-27 22:25:59 UTC | 595 | OUT |
                                                                                                                                                                                                                                                                        Data Ascii: {"Data":{"Affid":"91088","Country_Code":"US","Distribution_SubID":"UNDEFINED","Install_ID":"UNDEFINED","Install_Loudness":"Silent","Install_Source":"PaidDistribution","Ironsource_Pixel":"UNDEFINED","Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":
2024-07-27 22:25:59 UTC | 303 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:25:59 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/x-amz-json-1.1
                                                                                                                                                                                                                                                                        Content-Length: 16
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        x-amz-id-2: vRJBXp26VvbsSeEMR8OcNTAP70bLqZ5aIM8Z9QFPOYwmfIS+ta4klm0Z3hX9wX1FfWPiS3dNny8e4V1etDqEjlt/MxfRfKF7
                                                                                                                                                                                                                                                                        x-amzn-RequestId: f080cf16-add5-b6d1-af9f-b9210f7d5fc2
2024-07-27 22:25:59 UTC | 16 | IN | Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 22 6f 6b 22 7d
                                                                                                                                                                                                                                                                        Data Ascii: {"message":"ok"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.9 | 49773 | 52.37.69.68 | 443 | 7988 | C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:26:00 UTC | 232 | OUT | PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                                                                        User-Agent: SA
                                                                                                                                                                                                                                                                        X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI
                                                                                                                                                                                                                                                                        Content-Length: 505
                                                                                                                                                                                                                                                                        Host: analytics.apis.mcafee.com
2024-07-27 22:26:00 UTC | 505 | OUT |
                                                                                                                                                                                                                                                                        Data Ascii: {"Data":{"Affid":"91088","Country_Code":"US","Distribution_SubID":"UNDEFINED","Install_ID":"UNDEFINED","Install_Loudness":"Silent","Install_Source":"PaidDistribution","Ironsource_Pixel":"UNDEFINED","Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":
2024-07-27 22:26:00 UTC | 303 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:26:00 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/x-amz-json-1.1
                                                                                                                                                                                                                                                                        Content-Length: 16
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        x-amzn-RequestId: e2d8b0d0-6b1c-e5f9-bdc7-c6e8b1d5cd2f
                                                                                                                                                                                                                                                                        x-amz-id-2: obt6LfCeUshALSlb3y8HD2ggcIgWhLmsROYKuLK4Vq9aiAgRu/J4irP8ktCBfatlmteLG0R8ISdnf7/z54WW8l3IthuqQsrx
2024-07-27 22:26:00 UTC | 16 | IN | Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 22 6f 6b 22 7d
                                                                                                                                                                                                                                                                        Data Ascii: {"message":"ok"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.9 | 49774 | 52.37.69.68 | 443 | 7988 | C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:26:01 UTC | 232 | OUT | PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                                                                        User-Agent: SA
                                                                                                                                                                                                                                                                        X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI
                                                                                                                                                                                                                                                                        Content-Length: 507
                                                                                                                                                                                                                                                                        Host: analytics.apis.mcafee.com
                                                                                                                                                                                                                                                                        2024-07-27 22:26:01 UTC507OUTData Raw: 7b 22 44 61 74 61 22 3a 7b 22 41 66 66 69 64 22 3a 22 39 31 30 38 38 22 2c 22 43 6f 75 6e 74 72 79 5f 43 6f 64 65 22 3a 22 55 53 22 2c 22 44 69 73 74 72 69 62 75 74 69 6f 6e 5f 53 75 62 49 44 22 3a 22 55 4e 44 45 46 49 4e 45 44 22 2c 22 49 6e 73 74 61 6c 6c 5f 49 44 22 3a 22 55 4e 44 45 46 49 4e 45 44 22 2c 22 49 6e 73 74 61 6c 6c 5f 4c 6f 75 64 6e 65 73 73 22 3a 22 53 69 6c 65 6e 74 22 2c 22 49 6e 73 74 61 6c 6c 5f 53 6f 75 72 63 65 22 3a 22 50 61 69 64 44 69 73 74 72 69 62 75 74 69 6f 6e 22 2c 22 49 72 6f 6e 73 6f 75 72 63 65 5f 50 69 78 65 6c 22 3a 22 55 4e 44 45 46 49 4e 45 44 22 2c 22 4d 61 63 68 69 6e 65 5f 49 44 22 3a 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 22 2c 22 4f 53 22 3a
                                                                                                                                                                                                                                                                        Data Ascii: {"Data":{"Affid":"91088","Country_Code":"US","Distribution_SubID":"UNDEFINED","Install_ID":"UNDEFINED","Install_Loudness":"Silent","Install_Source":"PaidDistribution","Ironsource_Pixel":"UNDEFINED","Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":
                                                                                                                                                                                                                                                                        2024-07-27 22:26:01 UTC303INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Sat, 27 Jul 2024 22:26:01 GMT
                                                                                                                                                                                                                                                                        Content-Type: application/x-amz-json-1.1
                                                                                                                                                                                                                                                                        Content-Length: 16
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        x-amzn-RequestId: ca3a4607-ee58-98fd-9525-303e9ab144d0
                                                                                                                                                                                                                                                                        x-amz-id-2: wDhsXZg18aivVHwykFWQOPyTmmDpvMsLf/FF58y8saE2o+XqNWgJOM9W1/pBHpSh2Z+hq0rdqDgtnHVC/yFtyer7CuR1bFhy
                                                                                                                                                                                                                                                                        2024-07-27 22:26:01 UTC16INData Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 22 6f 6b 22 7d
                                                                                                                                                                                                                                                                        Data Ascii: {"message":"ok"}


Session ID | Source IP | Source Port | Destination IP | Destination Port
40 | 192.168.2.9 | 49776 | 52.37.69.68 | 443
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:26:04 UTC | 217 | OUT | PUT /mosaic/2.0/product-web/wa/v1/record HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
X-API-Key: Rs5OAGab1B91bDm6iAFfma19H9Oj8Nmd6JGBQ135
Content-Length: 6554
Host: analytics.apis.mcafee.com
2024-07-27 22:26:04 UTC | 6554 | OUT | Data Ascii: {"PartitionKey":"9e146be9-c76a-4720-bcdb-53011b87bd06","Data":{"event":{"event_data":{"VSO_Expiry_Date":"NO_SUITE","Default_Browser":"CH","IE_Searchbox_Enabled":"false","Last_Browser_Used":"UNINITIALIZED","Install_Date":"20240727","Defer_Search_Minimum_Da
2024-07-27 22:26:04 UTC | 303 | IN | HTTP/1.1 200 OK
Date: Sat, 27 Jul 2024 22:26:04 GMT
Content-Type: application/x-amz-json-1.1
Content-Length: 16
Connection: close
x-amzn-RequestId: dd2c1e6e-30dd-51bc-8233-6852c0344532
x-amz-id-2: rGWScC84T0Pw16HoPYPfZHL3FkaGcQqE73/aNMki3omG44VRDW+kXaKRmSzX8RbCkqeYtEFGSL280ES03/b2Ezil6kdwSNws
2024-07-27 22:26:04 UTC | 16 | IN | Data Ascii: {"message":"ok"}


Session ID | Source IP | Source Port | Destination IP | Destination Port
41 | 192.168.2.9 | 49777 | 52.37.69.68 | 443
Timestamp | Bytes transferred | Direction | Data
2024-07-27 22:26:04 UTC | 310 | OUT | PUT /mosaic/2.0/product-web/webadvisor/v1/record HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
User-Agent: McAfee Mosaic API V1 transmitter_{F2E24CD9-3730-4D43-A890-F067F3B5CAC1}
x-api-key: hJa7Ksp6EX6wmord88kvH8hjkvYde1jT91tHQ4m5
Content-Length: 2804
Host: analytics.apis.mcafee.com
2024-07-27 22:26:04 UTC | 2804 | OUT | Data Ascii: {"Data":{"hc32":"{\"ed\":0,\"ch\":0,\"ff\":0}","hm2":"0","hm1":"0","hm3":"0","hc31":"{\"ed\":\"false\",\"ch\":\"false\",\"ff\":\"false\"}","eid":"wa_daily_ping","hc5":"wa_engineering_daily_ping","hc1":"Analytics","hc38":"DailyPing","hc14":"on_WA_installed
2024-07-27 22:26:04 UTC | 315 | IN | HTTP/1.1 200 OK
Date: Sat, 27 Jul 2024 22:26:04 GMT
Content-Type: application/x-amz-json-1.1
Content-Length: 16
Connection: close
x-amzn-RequestId: d23c49fc-50dc-ea98-8d23-3fc0abe14f78
x-amz-id-2: /nT4v1QZ0yGGn0fwEw6Jm0vYf2/izOA1qVIa8VUMXkATSYBIX50SYcDrbmLL9U3t2HJKOXHI9+q97RX0spaYV0KI/AqvRVcVuTE2NUO/91E=
2024-07-27 22:26:04 UTC | 16 | IN | Data Ascii: {"message":"ok"}


Target ID: 0
Start time: 18:24:20
Start date: 27/07/2024
Path: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe"
Imagebase: 0x400000
File size: 29'977'368 bytes
MD5 hash: 28A85BA5396FCFA8A5F794F04DCE35E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: Borland Delphi
Reputation: low
Has exited: true

Target ID: 2
Start time: 18:24:21
Start date: 27/07/2024
Path: C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Temp\is-2P19C.tmp\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.tmp" /SL5="$10408,29086952,780800,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4077.25967.22716.exe"
Imagebase: 0x400000
File size: 3'014'144 bytes
MD5 hash: C47A946F3D41363C77CA4C719516E49B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: Borland Delphi
Reputation: low
Has exited: true

Target ID: 6
Start time: 18:25:02
Start date: 27/07/2024
Path: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod0.exe" -ip:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&is_silent=true&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&b=&se=true" -vp:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&oip=26&ptl=7&dta=true" -dp:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240727182427&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100" -i -v -d -se=true
Imagebase: 0x25f09760000
File size: 33'432 bytes
MD5 hash: D1495CE1E0A925ADE7F92355F121DF16
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID:7
Start time:18:25:05
Start date:27/07/2024
Path:C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
Imagebase:0x5b0000
File size:1'184'128 bytes
MD5 hash:143255618462A577DE27286A272584E1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:8
Start time:18:25:06
Start date:27/07/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Imagebase:0x7ff77afe0000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:9
Start time:18:25:06
Start date:27/07/2024
Path:C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe" /S /tpchannelid=1571 /distid=App123
Imagebase:0x400000
File size:6'261'520 bytes
MD5 hash:3C17F28CC001F6652377D3B5DEEC10F0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:10
Start time:18:25:07
Start date:27/07/2024
Path:C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\w0jpn3s4.exe" /silent
Imagebase:0x400000
File size:2'366'456 bytes
MD5 hash:6613E98A6EFF88810424C120EA6901E8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000A.00000003.1804261457.0000000002E10000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:low
Has exited:false

Target ID:11
Start time:18:25:08
Start date:27/07/2024
Path:C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
Imagebase:0x400000
File size:27'406'384 bytes
MD5 hash:E0F666FE4FF537FB8587CCD215E41E5F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Reputation:low
Has exited:true

Target ID:12
Start time:18:25:08
Start date:27/07/2024
Path:C:\Users\user\AppData\Local\Temp\7zS49F7DD6F\UnifiedStub-installer.exe
Wow64 process (32bit):false
Commandline:.\UnifiedStub-installer.exe /silent
Imagebase:0x171ec040000
File size:1'120'648 bytes
MD5 hash:C7FE1EB6A82B9FFAAF8DCA0D86DEF7CA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000C.00000002.3880673463.00000171EE652000.00000002.00000001.01000000.00000035.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000C.00000002.3881479946.00000171EE762000.00000002.00000001.01000000.00000036.sdmp, Author: Joe Security
Reputation:low
Has exited:false

Target ID:13
Start time:18:25:10
Start date:27/07/2024
Path:C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\is-5LC0A.tmp\CheatEngine75.tmp" /SL5="$80060,26511452,832512,C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
Imagebase:0x400000
File size:3'223'968 bytes
MD5 hash:9AA2ACD4C96F8BA03BB6C3EA806D806F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Reputation:low
Has exited:true

Target ID:14
Start time:18:25:10
Start date:27/07/2024
Path:C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
Imagebase:0x7ff6e2d00000
File size:814'440 bytes
MD5 hash:CC7167823D2D6D25E121FC437AE6A596
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:15
Start time:18:25:10
Start date:27/07/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff70f010000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:16
Start time:18:25:10
Start date:27/07/2024
Path:C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
Imagebase:0x7ff6e2d00000
File size:814'440 bytes
MD5 hash:CC7167823D2D6D25E121FC437AE6A596
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:17
Start time:18:25:11
Start date:27/07/2024
Path:C:\Windows\System32\net.exe
Wow64 process (32bit):false
Commandline:"net" stop BadlionAntic
Imagebase:0x7ff6d8320000
File size:59'904 bytes
MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:18:25:11
Start date:27/07/2024
Path:C:\Program Files\ReasonLabs\EPP\Uninstall.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\ReasonLabs\EPP\Uninstall.exe" /auto-repair=UnifiedStub
Imagebase:0x7ff7fcfd0000
File size:332'568 bytes
MD5 hash:8157D03D4CD74D7DF9F49555A04F4272
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:18:25:11
Start date:27/07/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff70f010000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:18:25:11
Start date:27/07/2024
Path:C:\Windows\System32\net1.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\net1 stop BadlionAntic
Imagebase:0x7ff6e48c0000
File size:183'808 bytes
MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:18:25:11
Start date:27/07/2024
Path:C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe" /products=epp /auto-repair=UnifiedStub
Imagebase:0x400000
File size:2'366'456 bytes
MD5 hash:6613E98A6EFF88810424C120EA6901E8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000015.00000003.2000847379.0000000002E00000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

                                                                                                                                                                                                                                                                        Target ID:22
                                                                                                                                                                                                                                                                        Start time:18:25:11
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\net.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"net" stop BadlionAnticheat
                                                                                                                                                                                                                                                                        Imagebase:0x7ff6d8320000
                                                                                                                                                                                                                                                                        File size:59'904 bytes
                                                                                                                                                                                                                                                                        MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:23
                                                                                                                                                                                                                                                                        Start time:18:25:11
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                        Imagebase:0x7ff70f010000
                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:24
                                                                                                                                                                                                                                                                        Start time:18:25:11
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\net1.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\net1 stop BadlionAnticheat
                                                                                                                                                                                                                                                                        Imagebase:0x7ff6e48c0000
                                                                                                                                                                                                                                                                        File size:183'808 bytes
                                                                                                                                                                                                                                                                        MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:25
                                                                                                                                                                                                                                                                        Start time:18:25:11
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"sc" delete BadlionAntic
                                                                                                                                                                                                                                                                        Imagebase:0x7ff791680000
                                                                                                                                                                                                                                                                        File size:72'192 bytes
                                                                                                                                                                                                                                                                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:26
                                                                                                                                                                                                                                                                        Start time:18:25:11
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                        Imagebase:0x7ff70f010000
                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:27
                                                                                                                                                                                                                                                                        Start time:18:25:11
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"sc" delete BadlionAnticheat
                                                                                                                                                                                                                                                                        Imagebase:0x7ff791680000
                                                                                                                                                                                                                                                                        File size:72'192 bytes
                                                                                                                                                                                                                                                                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:28
                                                                                                                                                                                                                                                                        Start time:18:25:11
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                        Imagebase:0x7ff70f010000
                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:29
                                                                                                                                                                                                                                                                        Start time:18:25:11
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\is-OPSPB.tmp\_isetup\_setup64.tmp
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:helper 105 0x84
                                                                                                                                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                                                                                                                                        File size:6'144 bytes
                                                                                                                                                                                                                                                                        MD5 hash:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:30
                                                                                                                                                                                                                                                                        Start time:18:25:12
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                        Imagebase:0x7ff70f010000
                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:31
                                                                                                                                                                                                                                                                        Start time:18:25:12
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\icacls.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
                                                                                                                                                                                                                                                                        Imagebase:0x7ff7f7f20000
                                                                                                                                                                                                                                                                        File size:39'424 bytes
                                                                                                                                                                                                                                                                        MD5 hash:48C87E3B3003A2413D6399EA77707F5D
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:32
                                                                                                                                                                                                                                                                        Start time:18:25:12
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                        Imagebase:0x7ff70f010000
                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:33
                                                                                                                                                                                                                                                                        Start time:18:25:16
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe" install
                                                                                                                                                                                                                                                                        Imagebase:0x760000
                                                                                                                                                                                                                                                                        File size:3'385'616 bytes
                                                                                                                                                                                                                                                                        MD5 hash:2B149BA4C21C66D34F19214D5A8D3067
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                                                                        • Detection: 3%, ReversingLabs
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:34
                                                                                                                                                                                                                                                                        Start time:18:25:16
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                        Imagebase:0x7ff70f010000
                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:37
                                                                                                                                                                                                                                                                        Start time:18:25:17
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe" start silent
                                                                                                                                                                                                                                                                        Imagebase:0x760000
                                                                                                                                                                                                                                                                        File size:3'385'616 bytes
                                                                                                                                                                                                                                                                        MD5 hash:2B149BA4C21C66D34F19214D5A8D3067
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:38
                                                                                                                                                                                                                                                                        Start time:18:25:17
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                        Imagebase:0x7ff70f010000
                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:39
                                                                                                                                                                                                                                                                        Start time:18:25:18
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe"
                                                                                                                                                                                                                                                                        Imagebase:0x760000
                                                                                                                                                                                                                                                                        File size:3'385'616 bytes
                                                                                                                                                                                                                                                                        MD5 hash:2B149BA4C21C66D34F19214D5A8D3067
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                        Target ID:40
                                                                                                                                                                                                                                                                        Start time:18:25:19
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP
                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                        File size:242'616 bytes
                                                                                                                                                                                                                                                                        MD5 hash:9AF96706762298CF72DF2A74213494C9
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:41
                                                                                                                                                                                                                                                                        Start time:18:25:22
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Program Files\Cheat Engine 7.5\windowsrepair.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s
                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                        File size:268'704 bytes
                                                                                                                                                                                                                                                                        MD5 hash:9A4D1B5154194EA0C42EFEBEB73F318F
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:43
                                                                                                                                                                                                                                                                        Start time:18:25:23
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\icacls.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
                                                                                                                                                                                                                                                                        Imagebase:0x7ff7f7f20000
                                                                                                                                                                                                                                                                        File size:39'424 bytes
                                                                                                                                                                                                                                                                        MD5 hash:48C87E3B3003A2413D6399EA77707F5D
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:44
                                                                                                                                                                                                                                                                        Start time:18:25:23
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                        Imagebase:0x7ff70f010000
                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:45
                                                                                                                                                                                                                                                                        Start time:18:25:28
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\7zS83DA393F\UnifiedStub-installer.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:.\UnifiedStub-installer.exe /products=epp /auto-repair=UnifiedStub
                                                                                                                                                                                                                                                                        Imagebase:0x27d6e5b0000
                                                                                                                                                                                                                                                                        File size:1'120'648 bytes
                                                                                                                                                                                                                                                                        MD5 hash:C7FE1EB6A82B9FFAAF8DCA0D86DEF7CA
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002D.00000002.2145532575.0000027D000AD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002D.00000002.2266490083.0000027D70272000.00000002.00000001.01000000.00000032.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:46
                                                                                                                                                                                                                                                                        Start time:18:25:30
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"
                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                        File size:399'264 bytes
                                                                                                                                                                                                                                                                        MD5 hash:F921416197C2AE407D53BA5712C3930A
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:47
                                                                                                                                                                                                                                                                        Start time:18:25:30
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"
                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                        File size:16'708'024 bytes
                                                                                                                                                                                                                                                                        MD5 hash:910DE25BD63B5DA521FC0B598920C4EC
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                        Target ID:48
                                                                                                                                                                                                                                                                        Start time:18:25:35
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\WeatherZero\WeatherZero.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\WeatherZero\WeatherZero.exe" /q=DF4E7397994EE5D86AD1C8FEEA899434
                                                                                                                                                                                                                                                                        Imagebase:0xac0000
                                                                                                                                                                                                                                                                        File size:2'876'688 bytes
                                                                                                                                                                                                                                                                        MD5 hash:7DC1C6AB3BF2DD1C825914F7F6F31B45
                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exe, Author: Joe Security
                                                                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                                                                        • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                        Target ID:49
                                                                                                                                                                                                                                                                        Start time:18:25:36
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\f3ilhy3j.cmdline"
                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                        File size:80'296 bytes
                                                                                                                                                                                                                                                                        MD5 hash:2B9482EB5D3AF71029277E18F6C656C0
                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:50
                                                                                                                                                                                                                                                                        Start time:18:25:36
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                        Imagebase:0x7ff70f010000
                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:51
                                                                                                                                                                                                                                                                        Start time:18:25:37
                                                                                                                                                                                                                                                                        Start date:27/07/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8926.tmp" "c:\Users\user\AppData\Local\Temp\CSC8925.tmp"
                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                        File size:35'296 bytes
                                                                                                                                                                                                                                                                        MD5 hash:E118330B4629B12368D91B9DF6488BE0
                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true


                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                          Execution Coverage:8.9%
                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                                                          Total number of Nodes:3
                                                                                                                                                                                                                                                                          Total number of Limit Nodes:0
                                                                                                                                                                                                                                                                          execution_graph 6343 7ff887ad6da4 6344 7ff887ad6dad LoadLibraryW 6343->6344 6346 7ff887ad6e5d 6344->6346
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3820730070.00007FF887AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887AD0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff887ad0000_prod0.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: tW_L$uL_H$zL_H${W_H$|W_L
                                                                                                                                                                                                                                                                          • API String ID: 0-1512239499
                                                                                                                                                                                                                                                                          • Opcode ID: a8e130c6680c6a86a803cbb9760616492291743fe0ac2af4397b0b57328edf73
                                                                                                                                                                                                                                                                          • Instruction ID: 0cd8c9a40a039868b210fc0bf559ffe490400f186ec6238d50aa70d4a0afcfda
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a8e130c6680c6a86a803cbb9760616492291743fe0ac2af4397b0b57328edf73
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BBD2C812F5CE4A4FF6A8A66C645B2BC3BE1FF98691F44017AC40EC72D7ED186C469381

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3820730070.00007FF887AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887AD0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff887ad0000_prod0.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: L
                                                                                                                                                                                                                                                                          • API String ID: 0-2909332022
                                                                                                                                                                                                                                                                          • Opcode ID: fcbab716e4528832715af85d6342e4f4df6661f41371d8a16a9183962c56d481
                                                                                                                                                                                                                                                                          • Instruction ID: 339eaeb984c2ec48338d4111b656c05ca9a58926d674ee970e7524ea2aec2c94
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fcbab716e4528832715af85d6342e4f4df6661f41371d8a16a9183962c56d481
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A942D53091DA894FEB68DB2888567A87BE0FF65350F04417ED44DDB2D2DB38E946C782

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3820730070.00007FF887AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887AD0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff887ad0000_prod0.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: "M_^
                                                                                                                                                                                                                                                                          • API String ID: 0-3805125458
                                                                                                                                                                                                                                                                          • Opcode ID: 69e6cef125fe3c7768e932e7e8d3197bbf87878e7862d6aa1cef21f714bdd5e4
                                                                                                                                                                                                                                                                          • Instruction ID: bdbf72c1293562475577288ad1db95cf57c7a6eb297198649fe6460113ab02d4
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 69e6cef125fe3c7768e932e7e8d3197bbf87878e7862d6aa1cef21f714bdd5e4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AFF1D727A2955D4AD701FBBCF8922F97B60FF413B970843B7D8CC8A093DE1CA4458696

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3820730070.00007FF887AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887AD0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff887ad0000_prod0.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 855e1664e27c4e5685eefd3579fc4f66a229d706f5c6e36fd24d5ce5ea7fbaae
                                                                                                                                                                                                                                                                          • Instruction ID: 2312f454d3ce9c8512dc8941a83448b722773b84f6ac1658661cf7c00f64467e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 855e1664e27c4e5685eefd3579fc4f66a229d706f5c6e36fd24d5ce5ea7fbaae
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A02C91791D56A46EB11BBFC74962FD7F50FF453B5B1842B7D88C8A0C3CE1CA4818296

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          control_flow_graph 1021 7ff887ad6da4-7ff887ad6dab 1022 7ff887ad6db6-7ff887ad6e1f 1021->1022 1023 7ff887ad6dad-7ff887ad6db5 1021->1023 1026 7ff887ad6e21-7ff887ad6e26 1022->1026 1027 7ff887ad6e29-7ff887ad6e5b LoadLibraryW 1022->1027 1023->1022 1026->1027 1028 7ff887ad6e63-7ff887ad6e8a 1027->1028 1029 7ff887ad6e5d 1027->1029 1029->1028
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3820730070.00007FF887AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887AD0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff887ad0000_prod0.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                                                                                                                                                          • Opcode ID: e95ce2761e7dddb78a75b56d185d10a1a0e3514771d46a644cb7f95d51585035
                                                                                                                                                                                                                                                                          • Instruction ID: d0370b3995b76e1f9445d50066c08579b12af40d39c6d7caadfc2ff80d0f6f8a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e95ce2761e7dddb78a75b56d185d10a1a0e3514771d46a644cb7f95d51585035
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A31E63190CA5C8FDB59DB9C9845BE9BBF0FF5A320F04422BD049C3192DB74A415CB91

                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                          Execution Coverage:6.3%
                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                          Signature Coverage:6.4%
                                                                                                                                                                                                                                                                          Total number of Nodes:2000
                                                                                                                                                                                                                                                                          Total number of Limit Nodes:55
98206->98208 98207->98038 98209 644f4a 98208->98209 98209->98038 98211 62394b 13 API calls 98210->98211 98212 5d08dd 98211->98212 98212->98044 98212->98045 98216 5cf541 codecvt 98213->98216 98217 5cf571 98213->98217 98214 5cf677 98215 5c34d0 collate 21 API calls 98214->98215 98226 5cf5e4 codecvt 98215->98226 98216->98057 98217->98214 98219 5cf672 Concurrency::cancel_current_task 98217->98219 98221 5cf5fa 98217->98221 98222 5cf5d3 98217->98222 98218 63d60f 25 API calls 98220 5cf681 98218->98220 98219->98214 98224 638713 collate 27 API calls 98221->98224 98221->98226 98222->98219 98223 5cf5de 98222->98223 98225 638713 collate 27 API calls 98223->98225 98224->98226 98225->98226 98226->98218 98227 5cf658 _Mpunct 98226->98227 98227->98057 98229 5ce67e 98228->98229 98230 5ce680 GetFileAttributesW 98228->98230 98229->98230 98231 5ce724 _Mpunct 98230->98231 98235 5ce690 98230->98235 98232 5ce736 CreateDirectoryW 98231->98232 98233 5ce74f 98232->98233 98234 5ce742 GetLastError 98232->98234 98233->98048 98233->98068 98234->98233 98235->98231 98235->98235 98236 5cf520 28 API calls 98235->98236 98237 5ce6ec 98236->98237 98238 5cd6d0 83 API calls 98237->98238 98239 5ce6f8 98238->98239 98239->98231 98240 5ce77d 98239->98240 98241 63d60f 25 API calls 98240->98241 98242 5ce782 98241->98242 98244 5cbe30 83 API calls 98243->98244 98245 5d31ba 98244->98245 98246 5cbbb0 57 API calls 98245->98246 98247 5d31e3 98246->98247 98248 6240b7 73 API calls 98247->98248 98251 5d3388 98247->98251 98249 5d3281 98248->98249 98250 5d328f 98249->98250 98249->98251 98254 5d3400 80 API calls 98250->98254 98252 5c28d1 27 API calls 98251->98252 98257 5d3333 98251->98257 98253 5d33e3 98252->98253 98255 63a332 _com_raise_error RaiseException 98253->98255 98254->98257 98256 5d33f1 98255->98256 98257->98056 98259 5c89ff 98258->98259 98260 5c2c9c IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 98259->98260 98265 5c8a1b 98260->98265 98284 623376 
98283->98284 98285 62337d 98283->98285 98286 64cda8 std::_Lockit::_Lockit 6 API calls 98284->98286 98287 5d0b0d 98285->98287 98288 626883 std::_Lockit::_Lockit EnterCriticalSection 98285->98288 98286->98287 98288->98287 98330->98062 98335 623fba 98331->98335 98332 6441c9 98333 654be4 std::locale::_Setgloballocale EnterCriticalSection LeaveCriticalSection 98332->98333 98337 6441ce 98333->98337 98334 623fcd 98336 623fdc 78 API calls 98334->98336 98335->98332 98335->98334 98336->98334 98338 6441d9 98337->98338 98339 654c32 std::locale::_Setgloballocale 48 API calls 98337->98339 98340 644202 98338->98340 98341 6441e3 IsProcessorFeaturePresent 98338->98341 98339->98338 98342 64e9c0 std::locale::_Setgloballocale 23 API calls 98340->98342 98343 6441ef 98341->98343 98344 64420c 98342->98344 98345 63d453 std::locale::_Setgloballocale 8 API calls 98343->98345 98345->98340 98350->98155 98351->98158 98356->98134 98357->98139 98359 5ccccb _Mpunct 98358->98359 98360 5ccc89 98358->98360 98359->98183 98360->98359 98361 63d60f 25 API calls 98360->98361 98362 5ccd1f 98361->98362 98363 5ccc80 25 API calls 98362->98363 98364 5ccd2f _Mpunct 98363->98364 98364->98183 98365->97903 98366->97906 98371 651e00 14 API calls 2 library calls 98367->98371 98369 63d742 98369->97889 98370->97887 98371->98369 98373 5c5c64 CoCreateInstance 98372->98373 98374 5c5c54 98372->98374 98375 5c5c95 98373->98375 98376 5c5c86 OleRun 98373->98376 98374->98373 98377 638367 __ehhandler$?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 98375->98377 98376->98375 98378 5c5a71 98377->98378 98378->97561 98378->97567 98379->97576 98380->97582 98381->97576 98382->97582 98385 5c5ef5 98384->98385 98387 5c5efc _Mpunct 98384->98387 98388 5c5f8a 5 API calls 2 library calls 98385->98388 98387->97610 98390 5d6d30 98389->98390 98397 5d6ec8 std::ios_base::_Ios_base_dtor __Mtx_unlock 98389->98397 98391 5d6dff 98390->98391 98392 5d6d3e 98390->98392 98393 638760 
27 API calls 98391->98393 98394 638760 27 API calls 98392->98394 98395 5d6e09 98393->98395 98396 5d6d48 98394->98396 98408 5d6db6 98395->98408 98596 5dce00 98395->98596 98399 5dce00 211 API calls 98396->98399 98396->98408 98397->97613 98400 5d6d63 98399->98400 98724 623b8a 98400->98724 98401 5d6e52 98404 5c9bb0 125 API calls 98401->98404 98407 5d6e57 98404->98407 98405 638713 collate 27 API calls 98405->98408 98406 5d6ed1 98667 5de380 98406->98667 98409 5c9940 171 API calls 98407->98409 98408->98401 98408->98406 98411 5d6e67 98409->98411 98412 5c1b84 84 API calls 98411->98412 98414 5d6e83 98412->98414 98727 5d8e90 81 API calls 98414->98727 98418 5d6e8e 98436 5f9485 GetProcAddress 98435->98436 98438 5f94c2 98435->98438 98437 5f9497 GetCurrentProcess 98436->98437 98436->98438 98439 5f94b1 98437->98439 99513 5c347e 98438->99513 98439->98438 98441 5f94fc 98442 5c347e 28 API calls 98441->98442 98443 5f954c 98442->98443 99517 5f8c60 98443->99517 98556->97621 98564 5f8b75 98563->98564 98574 5f86ab swprintf 98563->98574 99639 5f8400 91 API calls 3 library calls 98564->99639 98566 5f8b89 98586 5f88f1 _Mpunct 98566->98586 98568 638367 __ehhandler$?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 98569 5f8b71 98568->98569 98569->97620 98570 5f870d codecvt 99633 5e1820 98570->99633 98571 641faa swprintf 54 API calls 98571->98574 98574->98570 98574->98571 98577 5f8895 98574->98577 99632 5c9050 28 API calls 98574->99632 98575 638713 collate 27 API calls 98576 5f8815 98575->98576 98578 5f8834 98576->98578 98579 623084 std::locale::_Init 57 API calls 98576->98579 99619 5c4880 98577->99619 98580 5c4300 5 API calls 98578->98580 98579->98578 98582 5f89da 98580->98582 99637 5c6500 80 API calls 2 library calls 98582->99637 98586->98568 98588 5f89fe 98597 638713 collate 27 API calls 98596->98597 98598 5dce81 98597->98598 98599 638713 collate 27 API calls 98598->98599 98600 5dcf42 98599->98600 98601 638713 collate 27 
API calls 98600->98601 98602 5dcfa0 98601->98602 98603 638713 collate 27 API calls 98602->98603 98604 5dd013 98603->98604 98605 638713 collate 27 API calls 98604->98605 98668 623bab 13 API calls 98667->98668 98669 5de3b7 98668->98669 98670 5de3be 98669->98670 98671 5de3fa 98669->98671 98847 5dde80 98670->98847 98673 623faf 79 API calls 98671->98673 98675 5de400 98673->98675 98676 5de4bf 98675->98676 98677 5de446 98675->98677 98680 623bab 13 API calls 98676->98680 98678 5c9bb0 125 API calls 98677->98678 99506 6238db 98724->99506 98726 5d6d80 98726->98405 98727->98418 98848 5ddf26 98847->98848 98849 5ddeb1 98847->98849 98850 5de047 98848->98850 98866 5ddf4e 98848->98866 98851 5c9bb0 125 API calls 98849->98851 98853 5c9bb0 125 API calls 98850->98853 98852 5ddeb6 98851->98852 98854 5c9940 171 API calls 98852->98854 98855 5de04c 98853->98855 98865 5de015 98866->98865 98869 5c9bb0 125 API calls 98866->98869 99509 6238e8 99506->99509 99507 6238c4 InitializeSRWLock 99507->98726 99508 6238a6 InitializeCriticalSectionEx 99508->98726 99509->99507 99509->99508 99514 5c34b8 99513->99514 99515 5c348d codecvt 99513->99515 99514->99515 99591 5c33ed 28 API calls 2 library calls 99514->99591 99515->98441 99520 5f8c9d 99517->99520 99518 5f8cfc 99519 5f8d79 99520->99518 99520->99519 99526 5f8ceb 99520->99526 99591->99515 99620 5c9bb0 125 API calls 99619->99620 99621 5c48ad 99620->99621 99622 5c9940 171 API calls 99621->99622 99623 5c48ba 99622->99623 99624 5c1b84 84 API calls 99623->99624 99625 5c48d5 99624->99625 99626 5c4190 5 API calls 99625->99626 99627 5c48e3 99626->99627 99628 5c136c 170 API calls 99627->99628 99629 5c48ec 99628->99629 99632->98574 99634 5e1858 99633->99634 99635 5cbe30 83 API calls 99634->99635 99636 5e18c7 99635->99636 99636->98575 99637->98588 99639->98566 101939 5ce310 ConvertStringSecurityDescriptorToSecurityDescriptorW 101908->101939 101911 5ca048 _Mpunct 101913 638367 
__ehhandler$?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 101911->101913 101912 638760 27 API calls 101914 5c9cc1 101912->101914 101916 5c9c11 InitOnceComplete 101913->101916 101918 5ed900 27 API calls 101914->101918 101937 5c9e24 codecvt 101914->101937 101915 5ca072 101917 63d60f 25 API calls 101915->101917 101916->97789 101916->97790 101920 5ca077 101917->101920 101922 5c9cec 101918->101922 101919 638713 collate 27 API calls 101923 5c9eec _Mpunct 101919->101923 101921 5ed900 27 API calls 101925 5c9f7e 101921->101925 101924 5ed900 27 API calls 101922->101924 101923->101915 101923->101921 101926 5c9d4c 101924->101926 101925->101911 101925->101915 101927 623b8a __Mtx_init_in_situ 2 API calls 101926->101927 101928 5c9dd9 101927->101928 101960 5d1130 101928->101960 101930 5c9def 101931 5ca06d Concurrency::cancel_current_task 101930->101931 101932 5c9e9b 101930->101932 101933 5c9e74 101930->101933 101930->101937 101931->101915 101936 638713 collate 27 API calls 101932->101936 101932->101937 101933->101931 101934 5c9e7f 101933->101934 101935 638713 collate 27 API calls 101934->101935 101935->101937 101936->101937 101937->101915 101937->101919 101940 5ce37d 101939->101940 101947 5ce376 _Mpunct 101939->101947 101941 5cdeb0 96 API calls 101940->101941 101943 5ce3d9 101941->101943 101942 638367 __ehhandler$?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 101945 5c9ca2 101942->101945 101944 5ce3e8 codecvt 101943->101944 101948 5ce3dd 101943->101948 101946 5ce425 GetModuleFileNameW 101944->101946 101945->101912 101945->101925 101949 5ce443 101946->101949 101956 5ce54f _Mpunct 101946->101956 101947->101942 101948->101947 101950 5ce62e 101948->101950 101981 5cdaa0 29 API calls 3 library calls 101949->101981 101953 63d60f 25 API calls 101950->101953 101952 5ce454 101955 5cdc20 96 API calls 101952->101955 101952->101956 101954 5ce633 
101953->101954 101958 5ce49d _Mpunct 101955->101958 101956->101948 101956->101950 101957 5ce629 101959 63d60f 25 API calls 101957->101959 101958->101956 101958->101957 101959->101950 101982 5d3d80 101960->101982 101964 5d1183 101965 5d119d 101964->101965 101966 5d13d8 101964->101966 101968 5c40e8 28 API calls 101965->101968 102010 5c34d0 21 API calls collate 101966->102010 101969 5d11bc 101968->101969 102006 5d3640 28 API calls codecvt 101969->102006 101970 63d60f 25 API calls 101972 5d13e2 101970->101972 101973 5d11cc 102007 5d3590 28 API calls codecvt 101973->102007 101975 5d11df 102008 5cf310 28 API calls 2 library calls 101975->102008 101977 5d11f5 102009 5d3590 28 API calls codecvt 101977->102009 101979 5d1208 _Mpunct 101979->101970 101980 5d13b9 _Mpunct 101979->101980 101980->101930 101981->101952 102011 63a3a0 101982->102011 101984 5d3de7 WTSGetActiveConsoleSessionId 101985 5d3e0b OutputDebugStringW 101984->101985 101986 5d3e15 101984->101986 101993 5d3e57 codecvt _Mpunct 101985->101993 101986->101985 101990 5d3e3e 101986->101990 101988 638367 __ehhandler$?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 101989 5d1172 101988->101989 102005 5d3fd0 70 API calls 2 library calls 101989->102005 101991 5d3e4a 101990->101991 101992 5d3f81 OutputDebugStringW 101990->101992 101991->101993 101994 5d3fc0 101991->101994 101995 5d3e90 101991->101995 101992->101993 101993->101988 102013 5c34d0 21 API calls collate 101994->102013 101998 5d3fca Concurrency::cancel_current_task 101995->101998 102000 5d3f0e 101995->102000 102001 5d3ee7 101995->102001 101997 5d3fc5 101999 63d60f 25 API calls 101997->101999 101999->101998 102002 638713 collate 27 API calls 102000->102002 102004 5d3ef8 codecvt 102000->102004 102001->101998 102003 638713 collate 27 API calls 102001->102003 102002->102004 102003->102004 102004->101993 102004->101997 102005->101964 102006->101973 102007->101975 102008->101977 102009->101979 
102012 63a3b8 102011->102012 102012->101984 102012->102012 102014->97805 102015->97807 102016->97809 102017->97811 102019 5c80f9 102018->102019 102033 5c8185 _Mpunct 102018->102033 102037 5c7f60 102019->102037 102022 5c4300 5 API calls 102023 5c8109 102022->102023 102049 5c81d0 28 API calls 4 library calls 102023->102049 102025 5c8119 102026 5c89b0 27 API calls 102025->102026 102027 5c8130 102026->102027 102028 5c4300 5 API calls 102027->102028 102029 5c813e 102028->102029 102050 5c8730 80 API calls _com_raise_error 102029->102050 102031 5c814b 102032 5c4300 5 API calls 102031->102032 102034 5c8156 102032->102034 102033->97813 102034->102033 102035 63d60f 25 API calls 102034->102035 102036 5c81c5 102035->102036 102038 5c7faa 102037->102038 102048 5c8076 102037->102048 102051 623cd6 102038->102051 102039 638367 __ehhandler$?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 102041 5c809e 102039->102041 102041->102022 102042 5c7faf std::_Stodx_v2 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 102054 5c9620 81 API calls _com_raise_error 102042->102054 102044 5c8036 102055 5c8530 80 API calls _com_raise_error 102044->102055 102046 5c806b 102047 5c4300 5 API calls 102046->102047 102047->102048 102048->102039 102049->102025 102050->102031 102056 626d6a 102051->102056 102054->102044 102055->102046 102057 626d87 GetSystemTimeAsFileTime 102056->102057 102058 626d7b GetSystemTimePreciseAsFileTime 102056->102058 102059 623ce4 102057->102059 102058->102059 102059->102042 102062->97857 102064 64e8a8 102063->102064 102065 64e8ba 102063->102065 102091 639543 GetModuleHandleW 102064->102091 102075 64e741 102065->102075 102068 64e8ad 102068->102065 102092 64e940 GetModuleHandleExW 102068->102092 102070 638c15 102070->97286 102076 64e74d __FrameHandler3::FrameUnwindToState 102075->102076 102098 64cd41 EnterCriticalSection 102076->102098 102078 64e757 102099 64e7ad 102078->102099 102080 64e764 102103 64e782 
102080->102103 102083 64e8fe 102108 657cf2 GetPEB 102083->102108 102086 64e92d 102089 64e940 std::locale::_Setgloballocale 3 API calls 102086->102089 102087 64e90d GetPEB 102087->102086 102088 64e91d GetCurrentProcess TerminateProcess 102087->102088 102088->102086 102090 64e935 ExitProcess 102089->102090 102091->102068 102093 64e982 102092->102093 102094 64e95f GetProcAddress 102092->102094 102095 64e8b9 102093->102095 102096 64e988 FreeLibrary 102093->102096 102097 64e974 102094->102097 102095->102065 102096->102095 102097->102093 102098->102078 102100 64e7b9 __FrameHandler3::FrameUnwindToState 102099->102100 102101 64e81a std::locale::_Setgloballocale 102100->102101 102106 64f40b 14 API calls std::locale::_Setgloballocale 102100->102106 102101->102080 102107 64cd91 LeaveCriticalSection 102103->102107 102105 64e770 102105->102070 102105->102083 102106->102101 102107->102105 102109 657d0c 102108->102109 102110 64e908 102108->102110 102112 6542b4 5 API calls _unexpected 102109->102112 102110->102086 102110->102087 102112->102110 102113 6214c6 102114 6214d0 102113->102114 102117 62293c 102114->102117 102143 62269d 102117->102143 102120 6229a9 102122 6228da DloadReleaseSectionWriteAccess 8 API calls 102120->102122 102121 6229cd 102124 622a45 LoadLibraryExA 102121->102124 102125 622aa6 102121->102125 102132 622ab8 102121->102132 102139 622b74 102121->102139 102123 6229b4 RaiseException 102122->102123 102137 6214dd 102123->102137 102124->102125 102126 622a58 GetLastError 102124->102126 102127 622ab1 FreeLibrary 102125->102127 102125->102132 102128 622a81 102126->102128 102129 622a6b 102126->102129 102127->102132 102133 6228da DloadReleaseSectionWriteAccess 8 API calls 102128->102133 102129->102125 102129->102128 102130 622b16 GetProcAddress 102131 622b26 GetLastError 102130->102131 102130->102139 102134 622b39 102131->102134 102132->102130 102132->102139 102136 622a8c RaiseException 102133->102136 102138 6228da DloadReleaseSectionWriteAccess 8 API calls 102134->102138 
102134->102139 102136->102137 102140 622b5a RaiseException 102138->102140 102149 6228da 102139->102149 102141 62269d ___delayLoadHelper2@8 7 API calls 102140->102141 102142 622b71 102141->102142 102142->102139 102144 6226a9 102143->102144 102145 6226ca 102143->102145 102157 622743 102144->102157 102145->102120 102145->102121 102147 6226ae 102147->102145 102162 62286c 102147->102162 102150 62290e 102149->102150 102151 6228ec 102149->102151 102150->102137 102152 622743 DloadReleaseSectionWriteAccess 4 API calls 102151->102152 102153 6228f1 102152->102153 102154 622909 102153->102154 102155 62286c DloadProtectSection 3 API calls 102153->102155 102169 622910 GetModuleHandleW GetProcAddress GetProcAddress ReleaseSRWLockExclusive DloadGetSRWLockFunctionPointers 102154->102169 102155->102154 102167 6226d0 GetModuleHandleW GetProcAddress GetProcAddress 102157->102167 102159 622748 102160 622760 AcquireSRWLockExclusive 102159->102160 102161 622764 102159->102161 102160->102147 102161->102147 102164 622881 DloadObtainSection 102162->102164 102163 622887 102163->102145 102164->102163 102165 6228bc VirtualProtect 102164->102165 102168 622782 VirtualQuery GetSystemInfo 102164->102168 102165->102163 102167->102159 102168->102165 102169->102150 102170 5e5318 102171 6388fa 6 API calls 102170->102171 102172 5e5322 102171->102172 102174 638713 collate 27 API calls 102172->102174 102270 5e571a 102172->102270 102176 5e535e 102174->102176 102175 5e575a GetModuleHandleW 102180 5e5816 102175->102180 102287 5e4a40 102176->102287 102179 5e53a7 102181 5e4a40 33 API calls 102179->102181 102184 5e6440 27 API calls 102180->102184 102182 5e53ba 102181->102182 102183 5e4a40 33 API calls 102182->102183 102185 5e53cb 102183->102185 102186 5e5885 102184->102186 102309 5e61f0 29 API calls 3 library calls 102185->102309 102304 5e65c0 102186->102304 102189 5e588c 102191 5e6440 27 API calls 102189->102191 102190 5e53e9 102192 5e4a40 33 API calls 102190->102192 102199 5e595c 102191->102199 102193 5e5486 
102192->102193 102194 5e4a40 33 API calls 102193->102194 102195 5e5499 102194->102195 102196 5e4a40 33 API calls 102195->102196 102197 5e54aa 102196->102197 102310 5e61f0 29 API calls 3 library calls 102197->102310 102202 5e6440 27 API calls 102199->102202 102200 5e54c8 102201 5e4a40 33 API calls 102200->102201 102203 5e5565 102201->102203 102210 5e5ae8 102202->102210 102204 5e4a40 33 API calls 102203->102204 102205 5e5578 102204->102205 102206 5e4a40 33 API calls 102205->102206 102207 5e5589 102206->102207 102311 5e61f0 29 API calls 3 library calls 102207->102311 102209 5e55a7 102216 5e4a40 33 API calls 102209->102216 102211 5e5b83 std::ios_base::_Ios_base_dtor _Mpunct 102210->102211 102315 5c11f3 29 API calls 2 library calls 102210->102315 102214 5e6440 27 API calls 102211->102214 102213 5e5bdb 102215 5e5be6 102213->102215 102222 5e5cfc _Mpunct 102213->102222 102225 5e5cc5 102214->102225 102217 5c9bb0 125 API calls 102215->102217 102218 5e564e 102216->102218 102220 5e5beb 102217->102220 102221 5e4a40 33 API calls 102218->102221 102219 5e6440 27 API calls 102223 5e5d62 102219->102223 102224 5c9940 171 API calls 102220->102224 102226 5e5661 102221->102226 102222->102219 102223->102211 102317 5daad0 28 API calls 3 library calls 102223->102317 102227 5e5bfb 102224->102227 102228 5e5de7 102225->102228 102229 5e5e30 102225->102229 102245 5e5cd3 codecvt 102225->102245 102230 5e4a40 33 API calls 102226->102230 102235 5c1b84 84 API calls 102227->102235 102231 5e6085 Concurrency::cancel_current_task 102228->102231 102232 5e5df2 102228->102232 102238 638713 collate 27 API calls 102229->102238 102229->102245 102233 5e5672 102230->102233 102240 5e608a 102231->102240 102236 638713 collate 27 API calls 102232->102236 102312 5e61f0 29 API calls 3 library calls 102233->102312 102239 5e5c17 102235->102239 102236->102245 102238->102245 102316 5c1be0 81 API calls 102239->102316 102243 63d60f 25 API calls 102240->102243 102242 5e5ebc _Mpunct 102250 5e6440 27 API calls 102242->102250 
102267 5e5f73 _Mpunct 102242->102267 102244 5e608f 102243->102244 102248 63d60f 25 API calls 102244->102248 102245->102240 102245->102242 102246 5e5690 102251 638713 collate 27 API calls 102246->102251 102247 5e5c27 102249 5cb8a0 170 API calls 102247->102249 102261 5e6094 _Mpunct 102248->102261 102249->102211 102255 5e5f2f 102250->102255 102256 5e56d2 102251->102256 102252 5e5f82 GetModuleHandleW 102253 5e5f95 GetProcAddress 102252->102253 102254 5e5fc1 102252->102254 102253->102254 102257 5e5fa7 GetCurrentProcess 102253->102257 102264 5e6440 27 API calls 102254->102264 102258 5e5f45 102255->102258 102318 5daad0 28 API calls 3 library calls 102255->102318 102313 6385bf 17 API calls 102256->102313 102257->102254 102258->102244 102258->102252 102258->102267 102279 5e6166 _Mpunct 102261->102279 102323 5e67b0 26 API calls _Mpunct 102261->102323 102263 5e5710 102314 6388b0 EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 102263->102314 102268 5e6022 102264->102268 102265 5e60f4 102275 5e610e SysFreeString 102265->102275 102276 5e611b _Mpunct 102265->102276 102267->102252 102319 5c36db 27 API calls collate 102268->102319 102269 63d60f 25 API calls 102272 5e61d9 102269->102272 102294 5e6440 102270->102294 102273 5e61b4 _Mpunct 102274 5e602a 102320 5c372a 5 API calls collate 102274->102320 102275->102276 102277 5e6159 SysFreeString 102276->102277 102276->102279 102277->102279 102279->102269 102279->102273 102280 5e6032 102321 5c372a 5 API calls collate 102280->102321 102282 5e603a 102322 5c372a 5 API calls collate 102282->102322 102284 5e6042 102285 638367 __ehhandler$?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 102284->102285 102286 5e6059 102285->102286 102288 638713 collate 27 API calls 102287->102288 102289 5e4a6e 102288->102289 102291 5e4aa5 _com_issue_error 102289->102291 102324 639900 102289->102324 102292 5e4afc SysFreeString 102291->102292 102293 
5e4ab8 _Mpunct 102291->102293 102292->102293 102293->102179 102295 5e6496 102294->102295 102296 5e65af 102295->102296 102297 5e64fd 102295->102297 102303 5e64e8 102295->102303 102346 5c9b40 27 API calls 2 library calls 102296->102346 102298 638713 collate 27 API calls 102297->102298 102300 5e6515 102298->102300 102345 5e6bb0 25 API calls _Mpunct 102300->102345 102301 5e65b4 102303->102175 102305 5e65ef _Mpunct 102304->102305 102306 5e65cc 102304->102306 102305->102189 102306->102305 102307 63d60f 25 API calls 102306->102307 102308 5e6639 102307->102308 102309->102190 102310->102200 102311->102209 102312->102246 102313->102263 102314->102270 102315->102213 102316->102247 102317->102211 102318->102258 102319->102274 102320->102280 102321->102282 102322->102284 102323->102265 102325 639960 102324->102325 102343 63993d 102324->102343 102328 63997f MultiByteToWideChar 102325->102328 102331 639a33 _com_issue_error 102325->102331 102326 638367 __ehhandler$?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 102327 63995a 102326->102327 102327->102291 102329 639a47 GetLastError 102328->102329 102330 63999c 102328->102330 102332 639a51 _com_issue_error 102329->102332 102333 64594f _Yarn 15 API calls 102330->102333 102334 6399ae __Strxfrm 102330->102334 102331->102329 102335 639a70 GetLastError 102332->102335 102337 63e960 _Yarn 14 API calls 102332->102337 102333->102334 102334->102331 102336 6399fa MultiByteToWideChar 102334->102336 102344 639a7a _com_issue_error 102335->102344 102336->102332 102338 639a0e SysAllocString 102336->102338 102339 639a6d 102337->102339 102340 639a25 102338->102340 102341 639a1f 102338->102341 102339->102335 102340->102331 102340->102343 102342 63e960 _Yarn 14 API calls 102341->102342 102342->102340 102343->102326 102344->102291 102345->102303 102346->102301 102347 65eced 102348 65ecf9 __FrameHandler3::FrameUnwindToState 102347->102348 102355 64cd41 EnterCriticalSection 
102348->102355 102350 65ed04 102356 65ed4c 102350->102356 102352 65ed1a 102371 65ed43 LeaveCriticalSection std::_Lockit::~_Lockit 102352->102371 102354 65ed2e 102355->102350 102357 65ed6e 102356->102357 102358 65ed5b 102356->102358 102360 65ed80 102357->102360 102361 65edbc 102357->102361 102359 63d73d std::_Stodx_v2 14 API calls 102358->102359 102364 65ed60 102359->102364 102372 65ec80 102360->102372 102362 63d73d std::_Stodx_v2 14 API calls 102361->102362 102362->102364 102364->102352 102367 65edd7 102367->102364 102368 65ede5 102367->102368 102377 63d62c 11 API calls std::locale::_Setgloballocale 102368->102377 102370 65edf1 102371->102354 102374 65ec8d 102372->102374 102373 65ece0 102373->102364 102376 6518d3 14 API calls std::_Stodx_v2 102373->102376 102374->102373 102378 66129f 50 API calls 102374->102378 102376->102367 102377->102370 102378->102374 102379 653e2f 102391 652174 102379->102391 102381 653e3a 102382 653e41 102381->102382 102384 653e67 102381->102384 102398 652098 102382->102398 102385 652098 _free 14 API calls 102384->102385 102386 653e47 102385->102386 102387 652098 _free 14 API calls 102386->102387 102388 653e9d 102387->102388 102389 638367 __ehhandler$?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 102388->102389 102390 653eab 102389->102390 102392 6521b2 102391->102392 102393 652182 std::_Locinfo::_W_Getmonths 102391->102393 102394 63d73d std::_Stodx_v2 14 API calls 102392->102394 102393->102392 102395 65219d RtlAllocateHeap 102393->102395 102404 64f60f EnterCriticalSection LeaveCriticalSection collate 102393->102404 102396 6521b0 102394->102396 102395->102393 102395->102396 102396->102381 102399 6520a3 RtlFreeHeap 102398->102399 102403 6520cc _free 102398->102403 102400 6520b8 102399->102400 102399->102403 102401 63d73d std::_Stodx_v2 12 API calls 102400->102401 102402 6520be GetLastError 102401->102402 102402->102403 102403->102386 102404->102393 102405 5d7156 102406 
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::locale::_Init.LIBCPMT ref: 005F3CE8
                                                                                                                                                                                                                                                                            • Part of subcall function 00623084: __EH_prolog3.LIBCMT ref: 0062308B
                                                                                                                                                                                                                                                                            • Part of subcall function 00623084: std::_Lockit::_Lockit.LIBCPMT ref: 00623096
                                                                                                                                                                                                                                                                            • Part of subcall function 00623084: std::locale::_Setgloballocale.LIBCPMT ref: 006230B1
                                                                                                                                                                                                                                                                            • Part of subcall function 00623084: std::_Lockit::~_Lockit.LIBCPMT ref: 00623107
                                                                                                                                                                                                                                                                          • std::locale::_Init.LIBCPMT ref: 005F4934
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005F4CD5
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::locale::_$InitLockitstd::_$H_prolog3Ios_base_dtorLockit::_Lockit::~_Setgloballocalestd::ios_base::_
                                                                                                                                                                                                                                                                          • String ID: $+h$$+h$2$Command "%s" failed$Couldn't find the ReturnCode attribute of EXIT command$EXIT$EXIT_UPDATE$EXIT_XML$Exit update command triggered. Exiting...$Malformed XML, no UPDATEARRAY element$NWebAdvisor::NXmlUpdater::CUpdater::Process$NWebAdvisor::NXmlUpdater::Hound::End$NWebAdvisor::NXmlUpdater::Hound::ExitResult$NWebAdvisor::NXmlUpdater::Hound::Start$PRECONDITION$PRECONDITIONARRAY$Precondition "%s" evaluated to false$Precondition "%s" evaluated to true$ReturnCode$TAG$UPDATE$UPDATEARRAY$UPDATECOMMANDS$Unable to convert ReturnCode into int$Unable to substitute the return code$XML precondition array returned false due to sniffer actions$XML precondition array returned true due to sniffer actions$XML precondition array with tag %s returned false$XML precondition array with tag %s returned false due to sniffer actions$XML precondition array with tag %s returned true due to sniffer actions$XML precondition failed - no Type specified$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.h$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\xmlUpdater.cpp$false$true$unknown$*h$*h$+h
                                                                                                                                                                                                                                                                          • API String ID: 3544396713-580711613
                                                                                                                                                                                                                                                                          • Opcode ID: 6c645a3f6052881df7779c97b879b4093a6f67e939f963e039a1013c8be50e94
                                                                                                                                                                                                                                                                          • Instruction ID: 60daf5374a6ed763f3bdad26fe80fd667d96d6fc433e4f18a90618cbb37c50ce
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6c645a3f6052881df7779c97b879b4093a6f67e939f963e039a1013c8be50e94
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 12138B71D0122D9BDB20DF54C899BEEBBB5BF44304F1442D9E609A7291DB78AE84CF90
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DF268
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DF307
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DF37E
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DF8B0
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DFBBD
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C9A12
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DFDB6
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005E00BA
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005E015F
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000001,?,?,00000004), ref: 005E05D7
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005E0614
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000001,?,?,00000004), ref: 005E086A
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005E08A7
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000001,0000018F,00000000,X-Api-Key: ,0000000B,00000000,00000000,?,?,00000004), ref: 005E0A90
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005E0ACD
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • HTTP status error for AWS: , xrefs: 005E011E
                                                                                                                                                                                                                                                                          • `i, xrefs: 005E0E9B
                                                                                                                                                                                                                                                                          • HTTP open request failed for AWS: , xrefs: 005E0DB8
                                                                                                                                                                                                                                                                          • 0Ywx4MUvRidmWf74nsIlBPIxJYIG9Nf0lSnge8SvgvY3RVy4E6gFLp3VDBcDO830QhXvfpgCb55sRtnVqKb2zUO3Vq7ko1b, xrefs: 005DF5B7, 005DF656
                                                                                                                                                                                                                                                                          • `i, xrefs: 005DF2C3
                                                                                                                                                                                                                                                                          • Failed to initialize buffer for AWS, xrefs: 005DF889
                                                                                                                                                                                                                                                                          • HTTP receive response failed for AWS: , xrefs: 005E05C7
                                                                                                                                                                                                                                                                          • `i, xrefs: 005DFB43
                                                                                                                                                                                                                                                                          • `i, xrefs: 005DFD70
                                                                                                                                                                                                                                                                          • Querying AdhocTelemetryAWS value failed: , xrefs: 005DF217
                                                                                                                                                                                                                                                                          • AWS Adhoc Telemetry Payload = , xrefs: 005DFB62
                                                                                                                                                                                                                                                                          • AWS Response Code received , xrefs: 005E0079
                                                                                                                                                                                                                                                                          • HTTP connection failed for AWS: , xrefs: 005E0EBA
                                                                                                                                                                                                                                                                          • HTTP send request failed for AWS: , xrefs: 005E085A
                                                                                                                                                                                                                                                                          • AdhocTelemetryAWS, xrefs: 005DF1B6
                                                                                                                                                                                                                                                                          • SOFTWARE\McAfee\WebAdvisor, xrefs: 005DF181
                                                                                                                                                                                                                                                                          • Failed to convert the x_api_key string to wide, xrefs: 005DFD8F
                                                                                                                                                                                                                                                                          • X-Api-Key: , xrefs: 005DFF28
                                                                                                                                                                                                                                                                          • NO_REGVALUE, xrefs: 005DF54F
                                                                                                                                                                                                                                                                          • HTTP add request header failed for AWS x_api_key: , xrefs: 005E0A80
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$ErrorLast$InitOnce$BeginCompleteInitialize
                                                                                                                                                                                                                                                                          • String ID: 0Ywx4MUvRidmWf74nsIlBPIxJYIG9Nf0lSnge8SvgvY3RVy4E6gFLp3VDBcDO830QhXvfpgCb55sRtnVqKb2zUO3Vq7ko1b$AWS Adhoc Telemetry Payload = $AWS Response Code received $AdhocTelemetryAWS$Failed to convert the x_api_key string to wide$Failed to initialize buffer for AWS$HTTP add request header failed for AWS x_api_key: $HTTP connection failed for AWS: $HTTP open request failed for AWS: $HTTP receive response failed for AWS: $HTTP send request failed for AWS: $HTTP status error for AWS: $NO_REGVALUE$Querying AdhocTelemetryAWS value failed: $SOFTWARE\McAfee\WebAdvisor$X-Api-Key: $`i$`i$`i$`i
                                                                                                                                                                                                                                                                          • API String ID: 1658547907-1224718752
                                                                                                                                                                                                                                                                          • Opcode ID: 44e37f07fb875e27e813b1ac46fddf047768bf434d3f2b9d18db125f9a2f7e9f
                                                                                                                                                                                                                                                                          • Instruction ID: bc05cc881ea943cee6d972e2ce09564c55a6aaa1d09d6b228aded19059e947ed
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 44e37f07fb875e27e813b1ac46fddf047768bf434d3f2b9d18db125f9a2f7e9f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9FF2AD709002699BEB28DF24CC99BDDBBB6BF85304F1042D9E449A7292DB759EC4CF50

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 006388FA: EnterCriticalSection.KERNEL32(006B742C,?,?,?,005D402B,006B827C,EC80BF5C,?,005D1171,?), ref: 00638905
                                                                                                                                                                                                                                                                            • Part of subcall function 006388FA: LeaveCriticalSection.KERNEL32(006B742C,?,?,?,005D402B,006B827C,EC80BF5C,?,005D1171,?), ref: 00638942
                                                                                                                                                                                                                                                                            • Part of subcall function 005E4A40: _com_issue_error.COMSUPP ref: 005E4AD2
                                                                                                                                                                                                                                                                            • Part of subcall function 005E4A40: SysFreeString.OLEAUT32(-00000001), ref: 005E4AFD
                                                                                                                                                                                                                                                                            • Part of subcall function 005E61F0: Concurrency::cancel_current_task.LIBCPMT ref: 005E62BF
                                                                                                                                                                                                                                                                            • Part of subcall function 006388B0: EnterCriticalSection.KERNEL32(006B742C,?,?,005D4086,006B827C,006768E0,?), ref: 006388BA
                                                                                                                                                                                                                                                                            • Part of subcall function 006388B0: LeaveCriticalSection.KERNEL32(006B742C,?,?,005D4086,006B827C,006768E0,?), ref: 006388ED
                                                                                                                                                                                                                                                                            • Part of subcall function 006388B0: RtlWakeAllConditionVariable.NTDLL ref: 00638964
                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,EC80BF5C,?,?), ref: 005E57B4
                                                                                                                                                                                                                                                                          • FindResourceW.KERNEL32(00000000,00000001,00000010), ref: 005E57C5
                                                                                                                                                                                                                                                                          • LoadResource.KERNEL32(00000000,00000000), ref: 005E57D1
                                                                                                                                                                                                                                                                          • LockResource.KERNEL32(00000000), ref: 005E57DC
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005E6067
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005E6085
                                                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32 ref: 005E610F
                                                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 005E615A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CriticalSection$Concurrency::cancel_current_taskFreeResourceString$EnterLeave$ConditionFindHandleLoadLockModuleVariableWake_com_issue_error
                                                                                                                                                                                                                                                                          • String ID: (error)$)$0.0.0.0$0i$4.1.1.865$4i$EstimatedRunTime$Failed to convert wuuid to string$IsWow64Process$NO_REGKEY$PCSystemTypeEx$PowerState$PredictFailure$Root\CIMV2$Time$UUID$UUID$Version$ery)$kState$kernel32$kernel32.dll$orm$root\wmi$select EstimatedRunTime from Win32_Battery$select PCSystemTypeEx from Win32_ComputerSystem$select PowerState from Win32_ComputerSystem$select PredictFailure from MSStorageDriver_FailurePredictStatus$t
                                                                                                                                                                                                                                                                          • API String ID: 2830066208-2722404796
                                                                                                                                                                                                                                                                          • Opcode ID: fd3ca7d2e7d7f665f8c7d7345a44ccade5f5f7e482b314c653615f500c3bea75
                                                                                                                                                                                                                                                                          • Instruction ID: d55c23175278045067ae2ed6fdcb09a6b7c8eaf1774411e10534464e682b1d3c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd3ca7d2e7d7f665f8c7d7345a44ccade5f5f7e482b314c653615f500c3bea75
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED82F2B0900384DFEB18DFA4D84879DBFBABF55304F24425DE484A7392EB759A84CB91

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 005D58AA
                                                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005D58B4
                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(\\.\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 005D593A
                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(\\.\Global\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 005D595C
                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(\\.\WGUARDNT,80000000,00000000,00000000,00000003,40000000,00000000), ref: 005D5991
                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(\\.\Global\WGUARDNT,80000000,00000000,00000000,00000003,40000000,00000000), ref: 005D59B5
                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(\\.\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 005D59D9
                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(\\.\Global\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 005D59FD
                                                                                                                                                                                                                                                                          • UuidCreate.RPCRT4(00000000), ref: 005D5A41
                                                                                                                                                                                                                                                                          • UuidCreate.RPCRT4(00000000), ref: 005D5A57
                                                                                                                                                                                                                                                                          • CryptAcquireContextW.ADVAPI32(?), ref: 005D5D0E
                                                                                                                                                                                                                                                                          • CryptCreateHash.ADVAPI32(00000010,00008003,00000000,00000000,?), ref: 005D5D2A
                                                                                                                                                                                                                                                                          • CryptHashData.ADVAPI32(?,?,00000000,00000000), ref: 005D5D43
                                                                                                                                                                                                                                                                          • CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000), ref: 005D5D5F
                                                                                                                                                                                                                                                                          • CryptDestroyHash.ADVAPI32(?), ref: 005D5D6E
                                                                                                                                                                                                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 005D5D7F
                                                                                                                                                                                                                                                                          • CryptAcquireContextW.ADVAPI32(?), ref: 005D5F87
                                                                                                                                                                                                                                                                          • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,?), ref: 005D5FA3
                                                                                                                                                                                                                                                                          • CryptHashData.ADVAPI32(?,?,00000000,00000000), ref: 005D5FBC
                                                                                                                                                                                                                                                                          • CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000), ref: 005D5FD8
                                                                                                                                                                                                                                                                          • CryptDestroyHash.ADVAPI32(?), ref: 005D5FE7
                                                                                                                                                                                                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 005D5FF8
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Crypt$Create$Hash$File$Context$AcquireCurrentDataDestroyParamReleaseUuid$ProcessThread
                                                                                                                                                                                                                                                                          • String ID: AacControl$AacControl2$AacControl3$AacControl4$AacControl5$AacControl6$Created access handle %p$\\.\Global\WGUARDNT$\\.\WGUARDNT$accesslib policy %x:%x$al delete policy on terminate process 0x%x (%d) rule$al disable rules on terminate thread 0x%x (%d) rule
                                                                                                                                                                                                                                                                          • API String ID: 4128897270-3926088020
                                                                                                                                                                                                                                                                          • Opcode ID: 39dee3639c4f0687b389f54e9b2742a89e32428020c3efe165f498da493d8181
                                                                                                                                                                                                                                                                          • Instruction ID: 1e87d380889805989e9886ffa2ddb5fc2afd2db6c3b9d254bdb2cde038f380c7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39dee3639c4f0687b389f54e9b2742a89e32428020c3efe165f498da493d8181
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 365259356003109FDB149F64CC84B2E7BE6BB8C724F15054AFA45AB390DB71ED458F82
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RegCreateKeyExW.KERNEL32(80000002,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,-00000028,?,?,-00000028,00000000,?), ref: 00611932
                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000028,?), ref: 00611DAD
                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000,?,?,?,-00000028,?,?,-00000028,00000000,?), ref: 00611DD3
                                                                                                                                                                                                                                                                          • std::locale::_Init.LIBCPMT ref: 006120C4
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Close$CreateInitstd::locale::_
                                                                                                                                                                                                                                                                          • String ID: to $$+h$(Default)$BIN$DWORD$Error (%d) creating registry key: %s$Error (%d) setting value (%s) under registry key: %s$Key$NUM$NWebAdvisor::NXmlUpdater::CSetVariableCommand::Execute$NWebAdvisor::NXmlUpdater::SetRegistryKey$QWORD$STR$Setting variable $Unable to convert %s to hex$Unable to read key or value attribute of SETVAR command$Unable to set the variable$Unable to substitute variables for the SETVAR command$Unknown registry key type: %s$Value$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\RegistryCommand.cpp$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SetVariableCommand.cpp$invalid stoul argument$invalid stoull argument$invalid substitutor$memcpy_s failed in NWebAdvisor::NXmlUpdater::SetRegistryKey$stoul argument out of range$stoull argument out of range$*h
                                                                                                                                                                                                                                                                          • API String ID: 3662814871-152816752
                                                                                                                                                                                                                                                                          • Opcode ID: e4a858e7593260af167d7972618d08a72dc665292beb0fef042b388a25b2d467
                                                                                                                                                                                                                                                                          • Instruction ID: 54e319af154ec5801f2771ada0be9967225ab9dbdf4b8f4ea8cfbde4fcb676e6
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e4a858e7593260af167d7972618d08a72dc665292beb0fef042b388a25b2d467
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C52F070A003099FEB20DF94DC55BEEB7B6BF45700F184199E9096B381E7759A84CFA2

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CryptQueryObject.CRYPT32(00000001, %b,00000400,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00621815
                                                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 00621827
                                                                                                                                                                                                                                                                            • Part of subcall function 006214F0: CryptMsgGetParam.CRYPT32(?,00000005,00000000,?,?), ref: 00621581
                                                                                                                                                                                                                                                                            • Part of subcall function 006214F0: CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 006215B2
                                                                                                                                                                                                                                                                            • Part of subcall function 006214F0: CryptMsgGetParam.CRYPT32(?,00000006,?,00000000,?), ref: 006215DD
                                                                                                                                                                                                                                                                            • Part of subcall function 006214F0: CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 00621625
                                                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 00621837
                                                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 006218C0
                                                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 006218D0
                                                                                                                                                                                                                                                                          • CryptQueryObject.CRYPT32(00000002,?,00003FFE,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 006219CD
                                                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 006219DF
                                                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 006219F1
                                                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 00621A1D
                                                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 00621A29
                                                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 00621A63
                                                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 00621A75
                                                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 00621AA1
                                                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 00621AAD
                                                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 00621ACD
                                                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 00621AD9
                                                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 00621B50
                                                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 00621B5C
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Close$Crypt$CertStore$Param$ObjectQuery$CertificateFromSubject
                                                                                                                                                                                                                                                                          • String ID: %b
                                                                                                                                                                                                                                                                          • API String ID: 2648890560-2353221473
                                                                                                                                                                                                                                                                          • Opcode ID: 0b6e53c63e74d98c8b494a427b9666951ed2c4ba974551af16e24610faa8c873
                                                                                                                                                                                                                                                                          • Instruction ID: 970f2f102022712df3fbce693d190ab3edcd6f8926671f7f05f0d43ed58dca18
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0b6e53c63e74d98c8b494a427b9666951ed2c4ba974551af16e24610faa8c873
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BCC15C70E04259ABEF10DFA5DC85BEEBBFAAF15700F144129E500FB280EB759944CBA0

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: D$Failed to delete executable (%d)$Failed to get process exit code (%d)$NWebAdvisor::NXmlUpdater::CExecuteLocalCommand::ExecuteLocalCommand$Signature check failed for command %s$Unable to run %s, error (%d)$Wait for process failed for command %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\ExecuteLocalCommand.cpp$invalid substitutor
                                                                                                                                                                                                                                                                          • API String ID: 0-284121414
                                                                                                                                                                                                                                                                          • Opcode ID: 6a39a1a3670a77a20ab0588e06c77f65b9e29e311e1ee116765ec9af847ba237
                                                                                                                                                                                                                                                                          • Instruction ID: 3905941f9fdd99a9a5cdb714c2a639c8eaf717ef1377daf1ebbb5b76c597431a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6a39a1a3670a77a20ab0588e06c77f65b9e29e311e1ee116765ec9af847ba237
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67E1BB70A0125A9BEF24EF64CD49BEDB7B6BF58304F0442D9E409A7291DBB09AC4CF51

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RegOpenKeyExW.KERNEL32(80000002,Software\McAfee\SystemCore,00000000,00020219,?), ref: 005D5225
                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,szInstallDir32,00000000,?,?,?), ref: 005D5265
                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(0000006F,?,?,0069A17C), ref: 005D52B6
                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005D52C2
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 005D52F6
                                                                                                                                                                                                                                                                          • OutputDebugStringW.KERNEL32(NCPrivateLoadAndValidateMPTDll: Looking in current directory), ref: 005D53E3
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • NotComDllGetInterface: %ls loading %ls, WinVerifyTrust failed with %08x, xrefs: 005D56B7
                                                                                                                                                                                                                                                                          • %ls\%ls, xrefs: 005D5533
                                                                                                                                                                                                                                                                          • NCPrivateLoadAndValidateMPTDll: Looking in EXE directory, xrefs: 005D549C
                                                                                                                                                                                                                                                                          • NCPrivateLoadAndValidateMPTDll: Looking in current directory, xrefs: 005D53DE
                                                                                                                                                                                                                                                                          • szInstallDir32, xrefs: 005D525F
                                                                                                                                                                                                                                                                          • Software\McAfee\SystemCore, xrefs: 005D521B
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$CloseDebugOpenOutputQueryStringValue
                                                                                                                                                                                                                                                                          • String ID: %ls\%ls$NCPrivateLoadAndValidateMPTDll: Looking in EXE directory$NCPrivateLoadAndValidateMPTDll: Looking in current directory$NotComDllGetInterface: %ls loading %ls, WinVerifyTrust failed with %08x$Software\McAfee\SystemCore$szInstallDir32
                                                                                                                                                                                                                                                                          • API String ID: 1760606849-3767168787
                                                                                                                                                                                                                                                                          • Opcode ID: 989e64c767f1835cc04300fed5c7de71521f4164d376d38f864d39fb69ba59ad
                                                                                                                                                                                                                                                                          • Instruction ID: be526a6d9c036c6b23ffa2414a4db16837354de5eeb77394eab5bbf87955304d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 989e64c767f1835cc04300fed5c7de71521f4164d376d38f864d39fb69ba59ad
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A8027C71E006199BDB34DF68CC45BAABBB5BF04310F1481ABE509A7381EB719E94CF91
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 005E4B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005E521E
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005D7D3D
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005D7DFC
                                                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 005D7DC8
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C9A12
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005D7EBB
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • Failed to add reserved 1 dimension (, xrefs: 005D769E
                                                                                                                                                                                                                                                                          • Service has not been initialized, xrefs: 005D7E88
                                                                                                                                                                                                                                                                          • z, xrefs: 005D7CF1
                                                                                                                                                                                                                                                                          • Failed to add event category (, xrefs: 005D71F0
                                                                                                                                                                                                                                                                          • Failed to add reserved 3 dimension (, xrefs: 005D79CD
                                                                                                                                                                                                                                                                          • Failed to add event label (, xrefs: 005D7508
                                                                                                                                                                                                                                                                          • Failed to add reserved 4 dimension (, xrefs: 005D7B63
                                                                                                                                                                                                                                                                          • Failed to add reserved 2 dimension (, xrefs: 005D7834
                                                                                                                                                                                                                                                                          • Failed to add reserved 5 dimension (, xrefs: 005D7CFD
                                                                                                                                                                                                                                                                          • u, xrefs: 005D7B57
                                                                                                                                                                                                                                                                          • Failed to add event action (, xrefs: 005D7379
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteConcurrency::cancel_current_taskInitializeMtx_unlock
                                                                                                                                                                                                                                                                          • String ID: Failed to add event action ($Failed to add event category ($Failed to add event label ($Failed to add reserved 1 dimension ($Failed to add reserved 2 dimension ($Failed to add reserved 3 dimension ($Failed to add reserved 4 dimension ($Failed to add reserved 5 dimension ($Service has not been initialized$u$z
                                                                                                                                                                                                                                                                          • API String ID: 342047005-3525645681
                                                                                                                                                                                                                                                                          • Opcode ID: 898fbbb1ac600c25107040946eac7e1a359ca58c524f9f8a5c0b1578912b4d76
                                                                                                                                                                                                                                                                          • Instruction ID: ad8e1420f17fe232191fbd2430c55720f12ec6d97170815692d8efd3784b1e69
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 898fbbb1ac600c25107040946eac7e1a359ca58c524f9f8a5c0b1578912b4d76
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DF82B170504249CFDF28EF68C895BAD7FA5BF49304F50419EE8158B382EB75DA44CBA1
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CoCreateGuid.OLE32(?), ref: 005D8FC8
                                                                                                                                                                                                                                                                          • StringFromCLSID.OLE32(?,?), ref: 005D8FE0
                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(?), ref: 005D9138
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005D9173
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005D93D1
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • Could not create registry key , xrefs: 005D923F
                                                                                                                                                                                                                                                                          • SOFTWARE\McAfee\WebAdvisor, xrefs: 005D91FB
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_taskCreateFreeFromGuidIos_base_dtorStringTaskstd::ios_base::_
                                                                                                                                                                                                                                                                          • String ID: Could not create registry key $SOFTWARE\McAfee\WebAdvisor
                                                                                                                                                                                                                                                                          • API String ID: 3741506170-3627174789
                                                                                                                                                                                                                                                                          • Opcode ID: adbd5743c2f76b6d9dd720d4dee6c74f7a70d0328c9b4c86d8eeb33acb07ad58
                                                                                                                                                                                                                                                                          • Instruction ID: b68a48c7bd4c17e3457b1dd7b9d6e0064419ae7c9f0851e01157f3150068200e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: adbd5743c2f76b6d9dd720d4dee6c74f7a70d0328c9b4c86d8eeb33acb07ad58
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6981D7715002059FDB24EFA8DC49BAE7BA9BF84310F50462FF95697381EB30A944CB95
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CryptMsgGetParam.CRYPT32(?,00000005,00000000,?,?), ref: 00621581
                                                                                                                                                                                                                                                                          • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 006215B2
                                                                                                                                                                                                                                                                          • CryptMsgGetParam.CRYPT32(?,00000006,?,00000000,?), ref: 006215DD
                                                                                                                                                                                                                                                                          • CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 00621625
                                                                                                                                                                                                                                                                          • CertFreeCRLContext.CRYPT32(?), ref: 0062175E
                                                                                                                                                                                                                                                                            • Part of subcall function 0063E960: _free.LIBCMT ref: 0063E973
                                                                                                                                                                                                                                                                          • CertFreeCRLContext.CRYPT32(?), ref: 00621738
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CertCryptParam$ContextFree$CertificateFromStoreSubject_free
                                                                                                                                                                                                                                                                          • String ID: %b
                                                                                                                                                                                                                                                                          • API String ID: 4059466977-2353221473
                                                                                                                                                                                                                                                                          • Opcode ID: 64a32e40eae66874759032619c64bfd814fe0185890876a58ba1d80ed0b58498
                                                                                                                                                                                                                                                                          • Instruction ID: dd952727a77ff4f3bfc42526f6746cec3dab9c7274a36749a7ef700c9991a2a6
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64a32e40eae66874759032619c64bfd814fe0185890876a58ba1d80ed0b58498
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2815BB5804658EFDF20DF64E840BEEBBB6BF1A344F144119E815AB352D731AA05CFA1
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 005C4CA6
                                                                                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 005C4CB8
                                                                                                                                                                                                                                                                          • Process32FirstW.KERNEL32(00000000,?), ref: 005C4CD3
                                                                                                                                                                                                                                                                          • Process32NextW.KERNEL32(00000000,0000022C), ref: 005C4CE9
                                                                                                                                                                                                                                                                          • FindCloseChangeNotification.KERNEL32(00000000), ref: 005C4CFA
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Process32$ChangeCloseCreateCurrentFindFirstNextNotificationProcessSnapshotToolhelp32
                                                                                                                                                                                                                                                                          • String ID: saBSI.exe
                                                                                                                                                                                                                                                                          • API String ID: 1594840063-3955546181
                                                                                                                                                                                                                                                                          • Opcode ID: 6ac648b755944033e92d470c21124f0a2b9804368a1574ed8fa31676e43575e0
                                                                                                                                                                                                                                                                          • Instruction ID: c49fc127eed9b909dbfbee045b163eeb1009b1470e473bd737c85a6ca931f09b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ac648b755944033e92d470c21124f0a2b9804368a1574ed8fa31676e43575e0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB21F6311053009FD324ABA4AC89F6E7B95BB85324F55162DF916C72E0E73199498E92
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000,EC80BF5C), ref: 005D4FB5
                                                                                                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 005D4FDF
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 005D4FF2
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 005D500B
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CurrentDirectoryErrorLast
                                                                                                                                                                                                                                                                          • String ID: %ls\%ls
                                                                                                                                                                                                                                                                          • API String ID: 152501406-2125769799
                                                                                                                                                                                                                                                                          • Opcode ID: 25d9197bcd4884664e99ab7f48cf3e9282488bfa7077de3ae17c10c529e6e914
                                                                                                                                                                                                                                                                          • Instruction ID: b4bd37c30f653cdea24068f3187106c43df606514eecdd0540607d52d2437183
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 25d9197bcd4884664e99ab7f48cf3e9282488bfa7077de3ae17c10c529e6e914
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F9416371E006159BDB24DFA9CC49BAFBBB9BB44710F24413BE405E7381EA3599048B91
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,?,0064E8FD,00000002,00000002,?,00000002), ref: 0064E920
                                                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,?,0064E8FD,00000002,00000002,?,00000002), ref: 0064E927
                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 0064E939
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                          • Opcode ID: be99d90ff57f0fd91280e46ba661d6d75c10424b61e0d63526eeda20923f3a99
                                                                                                                                                                                                                                                                          • Instruction ID: 6b6322a4c3562641b1c12fc62f5f5923f00284e9dc6ea0d341ec94f3c7403051
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: be99d90ff57f0fd91280e46ba661d6d75c10424b61e0d63526eeda20923f3a99
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1FE04631000108AFCF552F64DD08A883B2BFB08341B080818F80986272CB37ED91CA51
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CoCreateInstance.OLE32(0068D808,00000000,00000017,0069B024,00000000,EC80BF5C,?,?,?,00000000,00000000,00000000,00668687,000000FF), ref: 005C5C7A
                                                                                                                                                                                                                                                                          • OleRun.OLE32(00000000), ref: 005C5C89
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CreateInstance
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 542301482-0
                                                                                                                                                                                                                                                                          • Opcode ID: 8a2418049c5f2ce6c2dabfa0b8c0aa9bc551c23e015466a4b7f52b8598186f57
                                                                                                                                                                                                                                                                          • Instruction ID: 70e457896a3838987b239cf0329ec53eccead27d31c25cbab0a68f68d2eb271d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a2418049c5f2ce6c2dabfa0b8c0aa9bc551c23e015466a4b7f52b8598186f57
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B7218C75600614AFDB04DB98CC45F6EBBBAFB88B20F11016DF516E73A0DB35AD008A60

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 005ED6D0: GetModuleHandleW.KERNEL32(kernel32.dll,005C4E6C,EC80BF5C), ref: 005ED6D5
                                                                                                                                                                                                                                                                            • Part of subcall function 005ED6D0: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 005ED6E5
                                                                                                                                                                                                                                                                          • CoInitializeEx.OLE32(00000000,00000000,EC80BF5C), ref: 005C4F3E
                                                                                                                                                                                                                                                                          • CommandLineToArgvW.SHELL32(?,?), ref: 005C5226
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000001), ref: 005C5276
                                                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 005C52A8
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000001), ref: 005C52F3
                                                                                                                                                                                                                                                                          • GetLongPathNameW.KERNEL32(?,?,00000104), ref: 005C535F
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000002), ref: 005C53AE
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,00000001), ref: 005C58E9
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C9A12
                                                                                                                                                                                                                                                                            • Part of subcall function 005C136C: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C13A5
                                                                                                                                                                                                                                                                          • CoUninitialize.OLE32(?,00000001), ref: 005C58D4
                                                                                                                                                                                                                                                                            • Part of subcall function 005D6BD0: __Mtx_init_in_situ.LIBCPMT ref: 005D6CC0
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$HandleInitInitializeIos_base_dtorModuleNameOncestd::ios_base::_$AddressArgvBeginCloseCommandCompleteFileLineLongMtx_init_in_situPathProcUninitialize
                                                                                                                                                                                                                                                                          • String ID: /no_self_update$/store_xml_on_disk$/xml$BSI installation success. Exit code: $BootStrapInstaller$CommandLineToArgvW failed: $Ended$FALSE$Failed$Failed to allocate memory for event sender service$Failed to create xml updater logger$Failed to create xml updater signature verifier$GetLongPathName failed ($GetModuleFileName failed: $InitSecureDllLoading failed.$Install$InvalidArguments$MAIN_XML$Process$SA/WA installation failed with exit code: $SELF_UPDATE_ALLOWED$STORE_XML_ON_DISK$SaBsi.cpp$Some command line BSI variables are invalid.$Started$TRUE$WaitForOtherBSIToExit failed$failed to initialize updater

Control-flow Graph (function at 5fefc0; legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 005FF13D
                                                                                                                                                                                                                                                                            • Part of subcall function 005F8650: std::locale::_Init.LIBCPMT ref: 005F882F
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,00000006,00000000,?,?,?,00000000,?,?,?,00000000,00000000), ref: 005FFAC8
                                                                                                                                                                                                                                                                            • Part of subcall function 0063E960: _free.LIBCMT ref: 0063E973
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CloseErrorHandleInitLast_freestd::locale::_
                                                                                                                                                                                                                                                                          • String ID: <$<Zh$Cache-Control: no-cache$CreateFile failed (%d)$File already exists: %s$GET$HTTP GET request failed (%d), url: %s$HTTP add request headers failed (%d), url: %s$HTTP connection failed (%d), url: %s$HTTP query content length (%d), url: %s$HTTP receive response failed (%d), url: %s$HTTP send request failed (%d), url: %s, ignore proxy flag %s$HTTP status (%d) error (%d), url: %s$NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk::<lambda_2af623cb1b195cc2505e5df23daadde2>::operator ()$Unable to allocate %d bytes$Unable to extract the filename from url (%s)$Unable to open HTTP transaction$Unable to rename the old file (%d): %s$WinHttpCrackUrl failed (%d), url: %s$WriteFile failed (%d)$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp$empty filename$false$true

Control-flow Graph (function at 6065f0; legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetEnvironmentVariableW.KERNEL32(ProgramW6432,?,00000104), ref: 0060683B
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0060686E
                                                                                                                                                                                                                                                                          • SHGetKnownFolderPath.SHELL32(?,00000000,00000000,?,?,?,?), ref: 00606A15
                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000000,?,?,?,?), ref: 00606A6B
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: EnvironmentErrorFolderFreeKnownLastPathTaskVariable
                                                                                                                                                                                                                                                                          • String ID: CSIDL_COMMON_APPDATA$CSIDL_COMMON_DOCUMENTS$CSIDL_COMMON_STARTUP$CSIDL_PROGRAM_FILES$CSIDL_PROGRAM_FILESX64$CSIDL_PROGRAM_FILESX86$CSIDL_PROGRAM_FILES_COMMON$CSIDL_SYSTEM$CSIDL_SYSTEMX86$CSIDL_WINDOWS$Error retrieving directory %s$GetEnvironmentVariable failed (%d)$NWebAdvisor::NXmlUpdater::CDirSubstitution::Substitute$ProgramFiles$ProgramW6432$Unable to get the platform$Unknown folder identifier: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DirSubstitution.cpp

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(EC80BF5C), ref: 005FEBF9
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(EC80BF5C,?,00000000,?), ref: 005FEC70
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(EC80BF5C,GET,?,00000000,00000000,00000000,00000000,?,00000000,?), ref: 005FECD8
                                                                                                                                                                                                                                                                            • Part of subcall function 005F8650: std::locale::_Init.LIBCPMT ref: 005F882F
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(EC80BF5C,Cache-Control: no-cache,000000FF,40000000,GET,?,00000000,00000000,00000000,00000000,?,00000000,?), ref: 005FED2E
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(EC80BF5C,true,00000000,00000000,Cache-Control: no-cache,000000FF,40000000,GET,?,00000000,00000000,00000000,00000000,?,00000000,?), ref: 005FED75
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$Initstd::locale::_
                                                                                                                                                                                                                                                                          • String ID: @]_$Cache-Control: no-cache$GET$HTTP GET request failed (%d), url: %s$HTTP add request headers failed (%d), url: %s$HTTP connection failed (%d), url: %s$HTTP query content length (%d), url: %s$HTTP receive response failed (%d), url: %s$HTTP send request failed (%d), url: %s, proxy ignore flag %s$HTTP status (%d) error (%d), url: %s$NWebAdvisor::NHttp::NDownloadFile::From::<lambda_1effc98e56da47b46c9f3c737083b6c0>::operator ()$Not enough space in buffer: bufferLength(%d) Read(%d)$Unable to allocate %d bytes$WinHttpCrackUrl failed (%d), url: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp$false$true

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32,EC80BF5C,?), ref: 005F947B
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 005F948B
                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?), ref: 005F94A8
                                                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,0069A52C,0069A52A), ref: 005F97C1
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,0069A52C,0069A52A), ref: 005F97CB
                                                                                                                                                                                                                                                                          • GetLongPathNameW.KERNEL32(00000000,?,00000104), ref: 005F987C
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 005F989A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLastModuleName$AddressCurrentFileHandleLongPathProcProcess
                                                                                                                                                                                                                                                                          • String ID: $wh$0ph$0wh$1.1$<wh$GetLongPathName failed (%d) for %s$GetModuleFileName failed (%d)$IsWow64Process$NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetExtractDir$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp$kernel32$>h$rh$vh

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • PathFindExtensionW.SHLWAPI(00000000,?,?,?,?,0069BFD0,00000000,EC80BF5C), ref: 005FBD7A
                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(00000000), ref: 005FBE57
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: DeleteExtensionFileFindPath
                                                                                                                                                                                                                                                                          • String ID: .cab$.exe$DestDir$DestFile$Location$MD5$NWebAdvisor::NXmlUpdater::CDownloadCommand::DownloadCommand$NWebAdvisor::NXmlUpdater::CDownloadCommand::Execute$Unable to create desusertion directory (%d)$Unable to download %s$Unable to get substitute download variables$Unable to read Location and/or DestDir attribute of DOWNLOAD command$Unable to verify MD5, deleting file: %s$Unable to verify signature, deleting file: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DownloadCommand.cpp$extra$invalid substitutor
                                                                                                                                                                                                                                                                          • API String ID: 3618814920-733304951
                                                                                                                                                                                                                                                                          • Opcode ID: 9c690e984730304d731740bd37e5051eaa88db7fcf0bf6e4624855cd29aee3bf
                                                                                                                                                                                                                                                                          • Instruction ID: fb4876f5b3e10853325cee1d34a63621fbc8562a0cb5ed14782204ae88f7c8f5
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c690e984730304d731740bd37e5051eaa88db7fcf0bf6e4624855cd29aee3bf
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F9227B71E0020DDFDF14EFA4C895FEEBBB5BB54304F104529E615A7282DB78AA48CB61

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,?,00000000), ref: 005D0903
                                                                                                                                                                                                                                                                          • LocalFree.KERNEL32(?,?), ref: 005D0A26
                                                                                                                                                                                                                                                                          • LocalFree.KERNEL32(?,?), ref: 005D0A43
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2510: __EH_prolog3_catch.LIBCMT ref: 005C2517
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 005D0B08
                                                                                                                                                                                                                                                                          • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 005D0B50
                                                                                                                                                                                                                                                                          • std::_Locinfo::~_Locinfo.LIBCPMT ref: 005D0B86
                                                                                                                                                                                                                                                                          • std::locale::_Init.LIBCPMT ref: 005D0B97
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 005D0BC0
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 005D0BE1
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 005D0BF2
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005D1017
                                                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 005D1020
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$DescriptorFreeLocalLockit::_Securitystd::locale::_$AddfacConvertH_prolog3_catchInitIos_base_dtorLocimp::_Locimp_LocinfoLocinfo::_Locinfo::~_Locinfo_ctorLockit::~_Mtx_unlockStringstd::ios_base::_
                                                                                                                                                                                                                                                                          • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                                                          • API String ID: 2168703646-3388121372
                                                                                                                                                                                                                                                                          • Opcode ID: ca622fe1d69be034aa37727b355e2e85ba55d3d8372930fbac92da22664a36d8
                                                                                                                                                                                                                                                                          • Instruction ID: e1c92fea6099028ee0093fdaf42225e6f23a2fa2681afb53994fad5710aa4356
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca622fe1d69be034aa37727b355e2e85ba55d3d8372930fbac92da22664a36d8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83327E70900259CFDB24DFA8C959BDDBBB5BF08304F14409AE849AB391DB75AE84CF91

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005E6067
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005E6085
                                                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32 ref: 005E610F
                                                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 005E615A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_taskFreeString
                                                                                                                                                                                                                                                                          • String ID: )$0i$4i$IsWow64Process$NO_REGKEY$UUID$UUID$kernel32$orm
                                                                                                                                                                                                                                                                          • API String ID: 3597043392-3830889910
                                                                                                                                                                                                                                                                          • Opcode ID: 3b6912a457d21cc06685871ab0e0f997a21362f6753f41daaa65f3ee347c3c78
                                                                                                                                                                                                                                                                          • Instruction ID: 3b8e2f39d9a70251b1a2e68a4f02c7bc57544bb3a7736fc31b181eab7618e8fe
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b6912a457d21cc06685871ab0e0f997a21362f6753f41daaa65f3ee347c3c78
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 89E1F3B09003849FEB28DFA4C84879DBFB6BF51344F24461CE095AB7D2EB759984CB91

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __Mtx_init_in_situ.LIBCPMT ref: 005DD1E6
                                                                                                                                                                                                                                                                            • Part of subcall function 005CBBB0: std::locale::_Init.LIBCPMT ref: 005CBBFC
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DD6C4
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InitIos_base_dtorMtx_init_in_situstd::ios_base::_std::locale::_
                                                                                                                                                                                                                                                                          • String ID: $+h$$i$.servicebus.windows.net/$/messages?timeout=60&api-version=2014-01$<i$@i$AWS m_url_aws = $Content-Type: application/atom+xml;type=entry;charset=utf-8$`i$https://$u$*h
                                                                                                                                                                                                                                                                          • API String ID: 655687434-3556281546
                                                                                                                                                                                                                                                                          • Opcode ID: b47874c3098cea4762d097668991e393c028de6e88facc641cb619ce7edc4974
                                                                                                                                                                                                                                                                          • Instruction ID: 9c860980ee438576cee3c6978cf9fd45745e107dc696c9965abda2968006c95e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b47874c3098cea4762d097668991e393c028de6e88facc641cb619ce7edc4974
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D642AE70900745CFEB24CF28DD45BA9BBB5BF54308F00969EE448AB652EB71AAC4CF54

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 005F6590
                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 005F65A1
                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 005F65B2
                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 005F65E1
                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000000,?), ref: 005F660D
                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 005F6636
                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000000,?), ref: 005F666A
                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 005F6696
                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 005F66A7
                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 005F66B9
                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 005F677C
                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 005F678D
                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 005F67BD
                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 005F67CE
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Global$Free$Alloc
                                                                                                                                                                                                                                                                          • String ID: Temp$\$h
                                                                                                                                                                                                                                                                          • API String ID: 1780285237-3624884781
                                                                                                                                                                                                                                                                          • Opcode ID: f5369bab8167903a41b7801c472c15636b72d92ca7daca36b7bd8ee38942094b
                                                                                                                                                                                                                                                                          • Instruction ID: c674876c01522ae46e0d666178d7d2c62d16ecfa18da36d29bf69fe608b6405e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f5369bab8167903a41b7801c472c15636b72d92ca7daca36b7bd8ee38942094b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 137138B0E002199BDF10AFA5CC94BBEBBB9BF04704F098559ED05EB245DB79D944CBA0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DE4A1
                                                                                                                                                                                                                                                                            • Part of subcall function 005DDE80: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DDF0C
                                                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 005DE3DE
                                                                                                                                                                                                                                                                            • Part of subcall function 005DE0D0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DE161
                                                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 005DE4FB
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DE665
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DE6F8
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C9A12
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$InitMtx_unlockOnce$BeginCompleteInitialize
                                                                                                                                                                                                                                                                          • String ID: AdhocTelemetryAzure$Event string is empty$Querying AdhocTelemetryAzure value failed: $SOFTWARE\McAfee\WebAdvisor$]$`i$`i]
                                                                                                                                                                                                                                                                          • API String ID: 1670716954-754028655
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005E6085
                                                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32 ref: 005E610F
                                                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 005E615A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FreeString$Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                          • String ID: )$0i$4i$IsWow64Process$NO_REGKEY$UUID$UUID$kernel32$orm
                                                                                                                                                                                                                                                                          • API String ID: 2663709405-3830889910
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000400,00000000,?,EC80BF5C,?,?), ref: 005D4257
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000001,?,?), ref: 005D42BC
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005D42F2
                                                                                                                                                                                                                                                                          • QueryFullProcessImageNameW.KERNEL32(00000000,00000000,00000000,?,00000104,00000000,?,?), ref: 005D4367
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?), ref: 005D4375
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005D440A
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?), ref: 005D455B
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C9A12
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • Filename for process with id , xrefs: 005D44B0
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$ErrorInitLastOnceProcess$BeginCloseCompleteFullHandleImageInitializeNameOpenQuery
                                                                                                                                                                                                                                                                          • String ID: Filename for process with id
                                                                                                                                                                                                                                                                          • API String ID: 563014942-4200337779
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 0065FE25: CreateFileW.KERNEL32(00000000,00000000,?,00660187,?,?,00000000,?,00660187,00000000,0000000C), ref: 0065FE42
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 006601F2
                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 006601F9
                                                                                                                                                                                                                                                                          • GetFileType.KERNEL32(00000000), ref: 00660205
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0066020F
                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00660218
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00660238
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00660385
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 006603B7
                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 006603BE
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                          • String ID: ise
                                                                                                                                                                                                                                                                          • API String ID: 4237864984-2173539935
                                                                                                                                                                                                                                                                          • Opcode ID: ea6a81e673bec4603a58c555dc0ea5ad52ee2194c34986e15686557428c6708e
                                                                                                                                                                                                                                                                          • Instruction ID: 8b8b94c29f9848e44c5d7fabf5fc0ad90936ca3663c3e2d6aa6ddee649215ab0
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea6a81e673bec4603a58c555dc0ea5ad52ee2194c34986e15686557428c6708e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1A14532A041458FDF199F68DC52BAE3BB2AF0A324F14026DE811EB3A1DB358D56CB55
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • WTSGetActiveConsoleSessionId.KERNEL32(0000003C,?), ref: 005D3E00
                                                                                                                                                                                                                                                                          • OutputDebugStringW.KERNEL32(WTSQuerySessionInformation failed to retrieve current user name for the log name.), ref: 005D3F9C
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005D3FCA
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • Error retrieving session id for generating log name., xrefs: 005D3E0B
                                                                                                                                                                                                                                                                          • WTSQuerySessionInformation failed to retrieve the size of the current user name for the log name., xrefs: 005D3F81
                                                                                                                                                                                                                                                                          • UNKNOWN, xrefs: 005D3DD2
                                                                                                                                                                                                                                                                          • WTSQuerySessionInformation failed to retrieve current user name for the log name., xrefs: 005D3F97
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ActiveConcurrency::cancel_current_taskConsoleDebugOutputSessionString
                                                                                                                                                                                                                                                                          • String ID: Error retrieving session id for generating log name.$UNKNOWN$WTSQuerySessionInformation failed to retrieve current user name for the log name.$WTSQuerySessionInformation failed to retrieve the size of the current user name for the log name.
                                                                                                                                                                                                                                                                          • API String ID: 1186403813-1860316991
                                                                                                                                                                                                                                                                          • Opcode ID: e90ccd7c47f39e5ecfb8be88a37a10f5eea903dcb1d740566c9d81124fc5747c
                                                                                                                                                                                                                                                                          • Instruction ID: 78a7ef57dba340e20d10b99494ca332dcf7bbd4580edfa22c0928d76e3e00439
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e90ccd7c47f39e5ecfb8be88a37a10f5eea903dcb1d740566c9d81124fc5747c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0519271E002069FDB289FB8D8856AEBBB5FF44310F10062FE416D7791E7749A40CBA2
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,005E4AA5,005E4AA7,00000000,00000000,EC80BF5C,?,00000000,?,0063BE00,006ABF08,000000FE,?,005E4AA5,?), ref: 00639989
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,005E4AA5,?,00000000,00000000,?,0063BE00,006ABF08,000000FE,?,005E4AA5), ref: 00639A04
                                                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 00639A0F
                                                                                                                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 00639A38
                                                                                                                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 00639A42
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(80070057,EC80BF5C,?,00000000,?,0063BE00,006ABF08,000000FE,?,005E4AA5,?), ref: 00639A47
                                                                                                                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 00639A5A
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,?,00000000,?,0063BE00,006ABF08,000000FE,?,005E4AA5,?), ref: 00639A70
                                                                                                                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 00639A83
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1353541977-0
                                                                                                                                                                                                                                                                          • Opcode ID: 085c384a2c877c8dfce76b4408a91f99c47e7158eaacf6bdd1ef6e0b81f7d6b9
                                                                                                                                                                                                                                                                          • Instruction ID: be0bde3058f063efe95829415e436e1d559bec6e37375d6eb59ccf8ec0f9966f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 085c384a2c877c8dfce76b4408a91f99c47e7158eaacf6bdd1ef6e0b81f7d6b9
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A541F371A00205AFDB10DF68CC45BAEBBAAAB49710F14462EF509E7381DB759800CFF4
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 005DCCB0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DCDBB
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005DF0FC
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DF268
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DF307
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                          • String ID: AdhocTelemetryAWS$Querying AdhocTelemetryAWS value failed: $SOFTWARE\McAfee\WebAdvisor$`i
                                                                                                                                                                                                                                                                          • API String ID: 1722207485-952817150
                                                                                                                                                                                                                                                                          • Opcode ID: 089fdfbb175322ee901f846e3a069336b392303d93f59ef182f5b8cb127654ea
                                                                                                                                                                                                                                                                          • Instruction ID: 0eea6af3af78f3b1f45dd97aa1de719d1623ec7b6b7c272df2082b50af99a3c5
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 089fdfbb175322ee901f846e3a069336b392303d93f59ef182f5b8cb127654ea
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1C1B270D002599FDB24EFA8CC49BEEBBB9BF44310F10426EE416A7382DB705A45CB95
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 005CE310: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 005CE36C
                                                                                                                                                                                                                                                                          • __Mtx_init_in_situ.LIBCPMT ref: 005C9DD4
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005CA06D
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: DescriptorSecurity$Concurrency::cancel_current_taskConvertMtx_init_in_situString
                                                                                                                                                                                                                                                                          • String ID: LogLevel$LogRotationCount$LogRotationFileSize$SOFTWARE\McAfee\WebAdvisor$log
                                                                                                                                                                                                                                                                          • API String ID: 239504998-2017128786
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DE161
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000001), ref: 005DE278
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DE351
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C9A12
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • `i, xrefs: 005DE30E
                                                                                                                                                                                                                                                                          • WinHttpCrackUrl failed for AWS: , xrefs: 005DE268
                                                                                                                                                                                                                                                                          • Event Sender already initialized for AWS, xrefs: 005DE137
                                                                                                                                                                                                                                                                          • Unable to open HTTP session for AWS, xrefs: 005DE327
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteErrorInitializeLast
                                                                                                                                                                                                                                                                          • String ID: Event Sender already initialized for AWS$Unable to open HTTP session for AWS$WinHttpCrackUrl failed for AWS: $`i
                                                                                                                                                                                                                                                                          • API String ID: 2211357200-2641986571
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __Mtx_init_in_situ.LIBCPMT ref: 005D6D7B
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005D6F75
                                                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 005D6F88
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Ios_base_dtorMtx_init_in_situMtx_unlockstd::ios_base::_
                                                                                                                                                                                                                                                                          • String ID: event sender$=$Failed to initialize $async
                                                                                                                                                                                                                                                                          • API String ID: 3676452600-816272291
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DDF0C
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000001), ref: 005DDFD7
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DE0A2
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C9A12
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • WinHttpCrackUrl failed for Azure: , xrefs: 005DDFC7
                                                                                                                                                                                                                                                                          • `i, xrefs: 005DE05F
                                                                                                                                                                                                                                                                          • Unable to open HTTP session for Azure, xrefs: 005DE078
                                                                                                                                                                                                                                                                          • Event Sender already initialized for Azure, xrefs: 005DDEE2
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteErrorInitializeLast
                                                                                                                                                                                                                                                                          • String ID: Event Sender already initialized for Azure$Unable to open HTTP session for Azure$WinHttpCrackUrl failed for Azure: $`i
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 005D8FB0: CoCreateGuid.OLE32(?), ref: 005D8FC8
                                                                                                                                                                                                                                                                            • Part of subcall function 005D8FB0: StringFromCLSID.OLE32(?,?), ref: 005D8FE0
                                                                                                                                                                                                                                                                            • Part of subcall function 005D8FB0: CoTaskMemFree.OLE32(?), ref: 005D9138
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005D93D1
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C9A12
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteCreateFreeFromGuidInitializeStringTask
                                                                                                                                                                                                                                                                          • String ID: Could not set registry value $Could not set registry value InstallerFlags$Failed to create new UUID$InstallerFlags$UUID$]
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,NotComDllGetInterface), ref: 005D5808
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 005D5828
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 005D5830
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 005D5839
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FreeLibrary$AddressErrorLastProc
                                                                                                                                                                                                                                                                          • String ID: NotComDllGetInterface$mfeaaca.dll
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 005C4C8E: GetCurrentProcessId.KERNEL32 ref: 005C4CA6
                                                                                                                                                                                                                                                                            • Part of subcall function 005C4C8E: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 005C4CB8
                                                                                                                                                                                                                                                                            • Part of subcall function 005C4C8E: Process32FirstW.KERNEL32(00000000,?), ref: 005C4CD3
                                                                                                                                                                                                                                                                            • Part of subcall function 005C4C8E: Process32NextW.KERNEL32(00000000,0000022C), ref: 005C4CE9
                                                                                                                                                                                                                                                                            • Part of subcall function 005C4C8E: FindCloseChangeNotification.KERNEL32(00000000), ref: 005C4CFA
                                                                                                                                                                                                                                                                          • CreateMutexW.KERNEL32(00000000,00000000,Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}), ref: 005C4D88
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 005C4DD0
                                                                                                                                                                                                                                                                            • Part of subcall function 005C136C: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C13A5
                                                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,0000EA60), ref: 005C4DFC
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32 ref: 005C4E0D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C9A12
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • CreateMutex failed: , xrefs: 005C4DC2
                                                                                                                                                                                                                                                                          • Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}, xrefs: 005C4D7F
                                                                                                                                                                                                                                                                          • SaBsi.cpp, xrefs: 005C4DA9
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CloseCreateInitIos_base_dtorOnceProcess32std::ios_base::_$BeginChangeCompleteCurrentErrorFindFirstHandleInitializeLastMutexNextNotificationObjectProcessSingleSnapshotToolhelp32Wait
                                                                                                                                                                                                                                                                          • String ID: CreateMutex failed: $Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}$SaBsi.cpp
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • Unable to convert XML buffer into wide characters, xrefs: 005FE6BC
                                                                                                                                                                                                                                                                          • a_, xrefs: 005FE6A0
                                                                                                                                                                                                                                                                          • invalid input, xrefs: 005FE5A3
                                                                                                                                                                                                                                                                          • NWebAdvisor::XMLParser::ParseBuffer, xrefs: 005FE5AA, 005FE6C3
                                                                                                                                                                                                                                                                          • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XMLParser.cpp, xrefs: 005FE5AF, 005FE6C8
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: __cftoe
                                                                                                                                                                                                                                                                          • String ID: NWebAdvisor::XMLParser::ParseBuffer$Unable to convert XML buffer into wide characters$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XMLParser.cpp$invalid input$a_
                                                                                                                                                                                                                                                                          • API String ID: 4189289331-2935996857
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C9A12
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DCDBB
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitialize
                                                                                                                                                                                                                                                                          • String ID: 5$AdhocAWSQAMode$Querying AdhocAWSQAMode value failed: $SOFTWARE\McAfee\WebAdvisor$`i
                                                                                                                                                                                                                                                                          • API String ID: 539357862-3363034055
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 005C5A59
                                                                                                                                                                                                                                                                            • Part of subcall function 005C5C1E: CoCreateInstance.OLE32(0068D808,00000000,00000017,0069B024,00000000,EC80BF5C,?,?,?,00000000,00000000,00000000,00668687,000000FF), ref: 005C5C7A
                                                                                                                                                                                                                                                                            • Part of subcall function 005C5C1E: OleRun.OLE32(00000000), ref: 005C5C89
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C9A12
                                                                                                                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 005C5B97
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • Failed to set new option. Error , xrefs: 005C5B26
                                                                                                                                                                                                                                                                          • Failed to create Global Options object. Error , xrefs: 005C5AA9
                                                                                                                                                                                                                                                                          • Activation option is set successfuly, xrefs: 005C5B69
                                                                                                                                                                                                                                                                          • i, xrefs: 005C5B5D
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InitOnce$BeginCompleteCreateH_prolog3_InitializeInstanceIos_base_dtor_com_issue_errorstd::ios_base::_
                                                                                                                                                                                                                                                                          • String ID: Activation option is set successfuly$Failed to create Global Options object. Error $Failed to set new option. Error $i
                                                                                                                                                                                                                                                                          • API String ID: 1362393928-3233122435
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005E5182
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005E521E
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_taskIos_base_dtorstd::ios_base::_
                                                                                                                                                                                                                                                                          • String ID: 8i$Invalid arguements passed to AddDimension$N
                                                                                                                                                                                                                                                                          • API String ID: 4106036149-3851568204
                                                                                                                                                                                                                                                                          • Opcode ID: ae95fdc71d357b87239372909d99bae0e544bee168f83b963dd240ce56468be6
                                                                                                                                                                                                                                                                          • Instruction ID: 136e6de719c6bf74332cba4d7cdf3bd86290c98f37c855628a4d1b859b2f559b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae95fdc71d357b87239372909d99bae0e544bee168f83b963dd240ce56468be6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CE32A070D003999FDB28CF65C844B9DBBF2BF45304F14829DE499AB292E775A984CF81
APIs
• __allrem.LIBCMT ref: 00642461
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0064247D
• __allrem.LIBCMT ref: 00642494
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006424B2
• __allrem.LIBCMT ref: 006424C9
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006424E7
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
• String ID:
• API String ID: 1992179935-0
• Opcode ID: f87d5442f0ebf9ebcbd6879315b9098c2ef1ccdfcdcf202bff3e40a4258d3857
• Instruction ID: 7023279e8cf7d5ea2448e987f9adfe62a6769c93818672794ba1621c3c0d22f3
• Opcode Fuzzy Hash: f87d5442f0ebf9ebcbd6879315b9098c2ef1ccdfcdcf202bff3e40a4258d3857
• Instruction Fuzzy Hash: 3E81E272A00703ABE7259F28CC91BAAB3FBAF44760F64412EF411D7381E774DA458794
APIs
• std::locale::_Init.LIBCPMT ref: 005F882F
Strings
• c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XmlUpdaterLogger.cpp, xrefs: 005F8AF6
• Failed to create log message string. Error 0x, xrefs: 005F89CF
• *h, xrefs: 005F89A7
• $+h, xrefs: 005F87F3
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
Similarity
• API ID: Initstd::locale::_
• String ID: $+h$Failed to create log message string. Error 0x$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XmlUpdaterLogger.cpp$*h
• API String ID: 1620887387-2156399315
• Opcode ID: 87882fbf315e9f39fb5b1888386c05e4225d533b12db2592e8bfefbaf8ee08f3
• Instruction ID: b054c0af7fbedc87f9a2837d7467d0a6a15c0feea1f5f41a32f3bebfc9b9d11b
• Opcode Fuzzy Hash: 87882fbf315e9f39fb5b1888386c05e4225d533b12db2592e8bfefbaf8ee08f3
• Instruction Fuzzy Hash: A5E13B71A00259CFDB24CF58C895BAEBBB5FF48304F14859AE509A7281DB75AA84CF90
APIs
• __Mtx_destroy_in_situ.LIBCPMT ref: 005D085F
• ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,?,00000000), ref: 005D0903
• LocalFree.KERNEL32(?,?), ref: 005D0A26
• __Mtx_unlock.LIBCPMT ref: 005D1020
Strings
• D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 005D08FE
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
Similarity
• API ID: DescriptorSecurity$ConvertFreeLocalMtx_destroy_in_situMtx_unlockString
• String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
• API String ID: 4147401711-3078421892
• Opcode ID: 9fe05dc364947306bcb73eeeecfef356935186e6de34ca80e1d972344572bdbf
• Instruction ID: 9dc50df0a4ac1b9e8343b54e0d461d0dc4ea5632a7ff27f1c28bb059fad31b42
• Opcode Fuzzy Hash: 9fe05dc364947306bcb73eeeecfef356935186e6de34ca80e1d972344572bdbf
• Instruction Fuzzy Hash: 1061F2719002549FDB28DF68CC89BEEBBB5FF44304F0045AEE44997792D778AA84CB94
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __Xtime_get_ticks.LIBCPMT ref: 005C7FAA
                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 005C7FBC
                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 005C7FD0
                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 005C7FE2
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$Xtime_get_ticks
                                                                                                                                                                                                                                                                          • String ID: [%Y%m%d %H:%M:%S.
                                                                                                                                                                                                                                                                          • API String ID: 3638035285-2843400524
                                                                                                                                                                                                                                                                          • Opcode ID: e34651508aa4f5470e81136f90021db147c6fa5ddd0ae026cc2aa232facfe6c6
                                                                                                                                                                                                                                                                          • Instruction ID: db08e5d28bf8389490a30d8b2110d96a57ec41afd0d911178047dfee07bbeb95
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e34651508aa4f5470e81136f90021db147c6fa5ddd0ae026cc2aa232facfe6c6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 07316E71E40214AFDB10DFA4CC86FAEBBF9EB84B50F10412DF504AB381DB74A9048B95
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: %s%s$%s\%s$\\?\
                                                                                                                                                                                                                                                                          • API String ID: 0-2843747179
                                                                                                                                                                                                                                                                          • Opcode ID: baf24c4246ca5fd209b8f324fbb8c39e310df1e027ff494f3a6459578c20cea0
                                                                                                                                                                                                                                                                          • Instruction ID: 83c01d977e9a3e67ea65898b26a083934f74a4e27d2fdb259d2ebe9520f5ed68
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: baf24c4246ca5fd209b8f324fbb8c39e310df1e027ff494f3a6459578c20cea0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4AD1B071D00219DFCF10DFE4C885AEEBBBAFF49314F540529E816A7291E734AA05CBA1
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\WATesting,00000000,00000001,?,EC80BF5C,00000000,00000001), ref: 006039FC
                                                                                                                                                                                                                                                                            • Part of subcall function 00602820: RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,EC80BF5C,00000000,00000001,?), ref: 006028AC
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InfoOpenQuery
                                                                                                                                                                                                                                                                          • String ID: SOFTWARE\WATesting$path
                                                                                                                                                                                                                                                                          • API String ID: 165108877-1550987622
                                                                                                                                                                                                                                                                          • Opcode ID: e7b6c1d8f20e836be60bf42c4d34f8abfc8cdf4ff920ff552cecf0a82a585da6
                                                                                                                                                                                                                                                                          • Instruction ID: 763801be3c282e27a3b97ca97657b220a75a29077b9b2f8a87abbee92d91ed6d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e7b6c1d8f20e836be60bf42c4d34f8abfc8cdf4ff920ff552cecf0a82a585da6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DB519E71D40258AFDB24DBA0CD49BDEBBB9AF58704F000199F409B7281DB74AB88CF90
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(?,0069BFD0,00000000,0069BFD0,00000000,?,0000001C,00000001,00000000,0000001C,?,?,00000014,0069BFD0,00000000,EC80BF5C), ref: 005FFC1D
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • Destination directory does not exist, xrefs: 005FFC8F
                                                                                                                                                                                                                                                                          • NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk, xrefs: 005FFC99
                                                                                                                                                                                                                                                                          • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp, xrefs: 005FFC9E
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                                                                                          • String ID: Desusertion directory does not exist$NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp
                                                                                                                                                                                                                                                                          • API String ID: 3188754299-3555079292
                                                                                                                                                                                                                                                                          • Opcode ID: 587ba453bf9980e3f3432f963981b8e29d2554d8c6093116543f09b91e32363b
                                                                                                                                                                                                                                                                          • Instruction ID: afdb6510c0dac468f1e7fa3b5ba41ad9cb71b1eebbbc5e9a5c9892ab6c1acf9e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 587ba453bf9980e3f3432f963981b8e29d2554d8c6093116543f09b91e32363b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61213C71E0021C9BCF00DFA8D846AEEBBF5BF48710F01426AFD05A7280D7749A45CB90
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C9A12
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000001), ref: 005ECCBB
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005ECCEC
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteErrorInitializeLast
                                                                                                                                                                                                                                                                          • String ID: Pi$Unable to set proxy option, error:
                                                                                                                                                                                                                                                                          • API String ID: 879576418-2325616981
                                                                                                                                                                                                                                                                          • Opcode ID: 2b62b8cd9b3dcec4198986e75be35466f7c541f924d1481c3cc556f1011d7b8f
                                                                                                                                                                                                                                                                          • Instruction ID: dd1ebde2395e527cbd193d8d264be5efd6931cb021bb675e44291ab7a967a9b0
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b62b8cd9b3dcec4198986e75be35466f7c541f924d1481c3cc556f1011d7b8f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D317371904359DFDB24DFA0DC09FAEBBB9FB04710F10856DE815A3690EB719A44CB51
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 005CE367
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
                                                                                                                                                                                                                                                                          • API String ID: 0-3078421892
                                                                                                                                                                                                                                                                          • Opcode ID: b753590117192edf90a03ed7798e35bb5542df216e47d86e8e1ac9f257b11972
                                                                                                                                                                                                                                                                          • Instruction ID: 7a435743536f4597a77987154a3efdbe2ead10ee20d6df13d2635a61dee3831d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b753590117192edf90a03ed7798e35bb5542df216e47d86e8e1ac9f257b11972
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 082204719002099FDB14DFA4DC89BEDBBB6FF84304F10469DE409A7791DB75AA84CB90
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 005CE36C
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 005CE367
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: DescriptorSecurity$ConvertString
                                                                                                                                                                                                                                                                          • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
                                                                                                                                                                                                                                                                          • API String ID: 3907675253-3078421892
                                                                                                                                                                                                                                                                          • Opcode ID: 28dbe64d70ff789947856856731251b74ec7fac238d78690c16cf9fa4656cd25
                                                                                                                                                                                                                                                                          • Instruction ID: d8c425ea1b33098c8da537325322738b56029d57ac133b7d63d4ae745942094f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 28dbe64d70ff789947856856731251b74ec7fac238d78690c16cf9fa4656cd25
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7581CD309012599FDB24DF64DC89B9DBBB6BF85308F1046DCE008A7291EB79AA84CF54
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 0065576D: GetConsoleCP.KERNEL32(?,005F860A,00000000), ref: 006557B5
                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,00000000,006AC218,EC80BF5C,00000000,EC80BF5C,005F860A,005F860A,005F860A,EC80BF5C,00000000,?,0064591E,00000000,006AC218,00000010), ref: 00656129
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,0064591E,00000000,006AC218,00000010,005F860A), ref: 00656133
                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00656178
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ConsoleErrorFileLastWrite__dosmaperr
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 251514795-0
                                                                                                                                                                                                                                                                          • Opcode ID: e18282f2d062358ebcfcf323580c8ab85c7b52537b990af4ac425c9b2591cd17
                                                                                                                                                                                                                                                                          • Instruction ID: 8adcedf82d1d04b016d8c6314e35000d035260535e55834afc47071491f8840c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e18282f2d062358ebcfcf323580c8ab85c7b52537b990af4ac425c9b2591cd17
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D51C271A00609AFDB209FA8CD45BEEBBBBEF09316F440055F800A7292D6719D49C7A0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(00000000,EC80BF5C,0000005C,?,?,?,?,00000000,0066952D,000000FF,?,005CE09D), ref: 005CE681
                                                                                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(00000000,?,?,?,?,?,00000000,0066952D,000000FF,?,005CE09D), ref: 005CE738
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,00000000,0066952D,000000FF,?,005CE09D), ref: 005CE742
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AttributesCreateDirectoryErrorFileLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 674977465-0
                                                                                                                                                                                                                                                                          • Opcode ID: d28ea07e2c805a410dbb7c876a1036db0c8802589bd01fa90e3692b3df7ffd7a
                                                                                                                                                                                                                                                                          • Instruction ID: e1baa00335e79ca5374245fb4ea5fda09faff961235dde5b73ffae1009a4da5a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d28ea07e2c805a410dbb7c876a1036db0c8802589bd01fa90e3692b3df7ffd7a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4331F671900244DFDB28DFA8E986F9EBBF5FF45714F10466DE80593680D7356944CBA0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CertGetCertificateChain.CRYPT32(00000000,?,?,?), ref: 0062206C
                                                                                                                                                                                                                                                                          • CertVerifyCertificateChainPolicy.CRYPT32(00000003,?,?,?), ref: 006220A4
                                                                                                                                                                                                                                                                          • CertFreeCertificateChain.CRYPT32(?), ref: 006220D0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CertCertificateChain$FreePolicyVerify
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1741975133-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • FindCloseChangeNotification.KERNEL32(00000000,00000000,005F860A,?,00656A9A,005F860A,006AC5B8,0000000C,00656B4C,006AC218), ref: 00656BC2
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00656A9A,005F860A,006AC5B8,0000000C,00656B4C,006AC218), ref: 00656BCC
                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00656BF7
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 490808831-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetFilePointerEx.KERNEL32(00000000,00000000,?,00000000,0065F765,00000008,00000000,?,?,?,006569A3,00000000,00000000,?,0065F765), ref: 0065692F
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,006569A3,00000000,00000000,?,0065F765,?,0065F765,?,00000000,00000000,00000001,?,00000008), ref: 00656939
                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00656940
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2336955059-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00652174: RtlAllocateHeap.NTDLL(00000000,?,?,?,0063872D,?,?,005CA1ED,0000002C,EC80BF5C), ref: 006521A6
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00653E42
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00653E68
                                                                                                                                                                                                                                                                            • Part of subcall function 00652098: RtlFreeHeap.NTDLL(00000000,00000000,?,0065B729,?,00000000,?,?,?,0065B9CC,?,00000007,?,?,0065BDD6,?), ref: 006520AE
                                                                                                                                                                                                                                                                            • Part of subcall function 00652098: GetLastError.KERNEL32(?,?,0065B729,?,00000000,?,?,?,0065B9CC,?,00000007,?,?,0065BDD6,?,?), ref: 006520C0
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00653E98
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$Heap$AllocateErrorFreeLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4150789928-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 005E4AD2
                                                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(-00000001), ref: 005E4AFD
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FreeString_com_issue_error
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 709734423-0
                                                                                                                                                                                                                                                                          • Opcode ID: d4b96e0e82f3a3e784e368fa37e76e8afd2478e703c7c3d920d233401b59a898
                                                                                                                                                                                                                                                                          • Instruction ID: 709be3da760fde7110be1652d2c753037f48e9e5016ea45b6c5ada6d9e755523
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d4b96e0e82f3a3e784e368fa37e76e8afd2478e703c7c3d920d233401b59a898
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A721C4B1900751ABE7249F55C805B5AFBE9EF41B20F24472EF86597680EBB4E840CBD4
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,?,?,00000000,?,005F860A,00000000,?,0065610D,005F860A,005F860A,00000000,006AC218,EC80BF5C,005F860A), ref: 00655C8C
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,0065610D,005F860A,005F860A,00000000,006AC218,EC80BF5C,005F860A,005F860A,005F860A,EC80BF5C,00000000,?,0064591E,00000000,006AC218), ref: 00655CB2
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 442123175-0
                                                                                                                                                                                                                                                                          • Opcode ID: 261afee6b65d7aed70cef13ad5fe56a6ef35ba6b4ec2be2a79eb8993db19f3dd
                                                                                                                                                                                                                                                                          • Instruction ID: f8ccc274e3411de9b267b67749401dd2135c515635ec5cbcbee6a3c9791dd020
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 261afee6b65d7aed70cef13ad5fe56a6ef35ba6b4ec2be2a79eb8993db19f3dd
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 23218030A002189FCB19DF29DC949E9B7BAEB48302F5440ADE946D7311D630DE868BA4
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                          • InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InitOnce$BeginCompleteInitialize
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 51270584-0
                                                                                                                                                                                                                                                                          • Opcode ID: 6f53ce877498fc674a0eefdc244eb3289f00e222b8fc93022b2921a6589b2892
                                                                                                                                                                                                                                                                          • Instruction ID: 1836ff151d115e2c847e5eda2b819ba3537d4c4ec8fcfc8bc61f18802b1c191d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f53ce877498fc674a0eefdc244eb3289f00e222b8fc93022b2921a6589b2892
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B0184B0A406499FE714EF94CC0AFBAB7B9FB04B04F10062DB515972C1DF745944CB95
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,005E4AA5,?,00000000,00000000,?,0063BE00,006ABF08,000000FE,?,005E4AA5), ref: 00639A04
                                                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 00639A0F
                                                                                                                                                                                                                                                                            • Part of subcall function 0063E960: _free.LIBCMT ref: 0063E973
                                                                                                                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 00639A38
                                                                                                                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 00639A42
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(80070057,EC80BF5C,?,00000000,?,0063BE00,006ABF08,000000FE,?,005E4AA5,?), ref: 00639A47
                                                                                                                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 00639A5A
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,?,00000000,?,0063BE00,006ABF08,000000FE,?,005E4AA5,?), ref: 00639A70
                                                                                                                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 00639A83
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _com_issue_error$ErrorLast$AllocByteCharMultiStringWide_free
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 878839965-0
                                                                                                                                                                                                                                                                          • Opcode ID: ba24fbc850cc943ec6361769c149de3e38cf34a89f3cc34ccf7b16fc3268c396
                                                                                                                                                                                                                                                                          • Instruction ID: 40937e604d91d469c156a4316df5c15b50ea3ffa1e116ca6e7f806e0f9d494eb
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ba24fbc850cc943ec6361769c149de3e38cf34a89f3cc34ccf7b16fc3268c396
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D401AD72F042189FDB208FA49C82BEEB7B6EF4C720F000229EA0567381CB715800CBE4
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                                                                                                                          • Opcode ID: f7e881bd90d3a7c7d66df272815b0587b6990ca5d1fd5c53f8d7d03b1bce6697
                                                                                                                                                                                                                                                                          • Instruction ID: 63b53c8e70e834a2e88dcd78c34c46f4f32467af8c04a4a80fa4e3b22f4f14e5
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f7e881bd90d3a7c7d66df272815b0587b6990ca5d1fd5c53f8d7d03b1bce6697
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 40E0E56294692159E3712B3EAC056AA1687AFC2332F11032EF820862D0DF30488A8999
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SHDeleteKeyW.SHLWAPI(?,0069BFD0,?,005EDE7B), ref: 005EDED6
                                                                                                                                                                                                                                                                          • RegCloseKey.KERNEL32(?,?,005EDE7B), ref: 005EDEE4
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CloseDelete
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 453069226-0
                                                                                                                                                                                                                                                                          • Opcode ID: fb99cd4cf2ab9de018e17b94e06bf150ce017628722a791b239cc6c28858aabd
                                                                                                                                                                                                                                                                          • Instruction ID: a3d090e9d736729e671dfbfd971fd868790a0d3299acae78dbf8be3a4074582c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb99cd4cf2ab9de018e17b94e06bf150ce017628722a791b239cc6c28858aabd
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DAE0E570504B518AD7348B29F808B43BBE8AB08714F04C88EA4AAD6A90C3B8E884CB54
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000023,00000001,EC80BF5C,?,?), ref: 005CDF08
                                                                                                                                                                                                                                                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 005CE36C
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: DescriptorSecurity$ConvertFolderPathSpecialString
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4077199523-0
                                                                                                                                                                                                                                                                          • Opcode ID: 9ad71fd5d744fb6dafa77fc23ac34e384cba43afe42881b0adfd724db58c89b2
                                                                                                                                                                                                                                                                          • Instruction ID: b7526fbcd1776ec546b62585be9ff695139b00e2050b6bdc017c36b26629c479
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9ad71fd5d744fb6dafa77fc23ac34e384cba43afe42881b0adfd724db58c89b2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5DC115319002149FCB28DFA8DD8AB9DBBB2FF85304F10869DD44997691DB75AA84CF90
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 5f3e25f103a3507692a0fdcffc3e1de1c688f984ccd42f2369a53b87ebf3d311
                                                                                                                                                                                                                                                                          • Instruction ID: ed6935abdb33ade4bbf54e5b37ee149906aa8320922d4739b32312076727f34d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f3e25f103a3507692a0fdcffc3e1de1c688f984ccd42f2369a53b87ebf3d311
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6E41D371A00104AFDB10DF58C881AADBBB3EB89365F68916CF8499B351D7719D4AC790
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: __wsopen_s
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                          • Opcode ID: f63aa9d42987278efef1d6a04d213f3f7f847019ae669ea84ed09c9c025107c4
                                                                                                                                                                                                                                                                          • Instruction ID: b01db8a8b5d68a46fffe3bd1c769300e563720df74fbc3ae90f5ce7265aaedac
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f63aa9d42987278efef1d6a04d213f3f7f847019ae669ea84ed09c9c025107c4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE1145B1A0420AAFCF05DF58E94599F7BF5EF48304F004069F809EB351D630EA15CBA4
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
APIs
• RegCreateKeyExW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?), ref: 005EDF45
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
APIs
• PathFileExistsW.SHLWAPI(?), ref: 00606061
Similarity
• API ID: ExistsFilePath
• String ID:
• API String ID: 1174141254-0
APIs
• RtlAllocateHeap.NTDLL(00000000,?,?,?,0063872D,?,?,005CA1ED,0000002C,EC80BF5C), ref: 006521A6
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• RegOpenKeyExW.KERNEL32(?,?,00000000,?,?), ref: 005EE51F
Similarity
• API ID: Open
• String ID:
• API String ID: 71445658-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C13A5
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 323602529-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(00000000,?,00664E6A,00000000,00000000,-00000002,EC80BF5C,00000028,00000000,?,00000000,extra,00000005,00000000,00000000,006844E4), ref: 00664D92
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RegSetValueExW.KERNEL32(?,?,00000000,?,?,?), ref: 005EED2F
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(00000000,00000000,?,00660187,?,?,00000000,?,00660187,00000000,0000000C), ref: 0065FE42
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00622743: DloadGetSRWLockFunctionPointers.DELAYIMP ref: 00622743
                                                                                                                                                                                                                                                                            • Part of subcall function 00622743: AcquireSRWLockExclusive.KERNEL32(?,006228F1), ref: 00622760
                                                                                                                                                                                                                                                                          • DloadProtectSection.DELAYIMP ref: 006226C5
                                                                                                                                                                                                                                                                            • Part of subcall function 0062286C: DloadObtainSection.DELAYIMP ref: 0062287C
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Dload$LockSection$AcquireExclusiveFunctionObtainPointersProtect
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1209458687-0
                                                                                                                                                                                                                                                                          • Opcode ID: e7191ee788d12e89c4007dd654995fb48d7ae790d4f851c56bdf433ec1b48e5d
                                                                                                                                                                                                                                                                          • Instruction ID: 73485a5d12a43abade0d8c9938e9830fb97b8aa44917c2be5b870bee2ad5c227
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e7191ee788d12e89c4007dd654995fb48d7ae790d4f851c56bdf433ec1b48e5d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DFD0C9B1918A627AC791BB16F8AA7A4225BA314700F505505B505951B4C7AA88C18F2A
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RegQueryValueExW.KERNEL32(?,?,00000000,?,?,?), ref: 005EE8D4
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: QueryValue
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3660427363-0
                                                                                                                                                                                                                                                                          • Opcode ID: 6144fc53ea570a7719ea10b690989bc14d677effc2c1b981fc5d787395505b0a
                                                                                                                                                                                                                                                                          • Instruction ID: 34e621ec05b8ffb65ce894f07255e6c6579ba385d09e611a9a027ad94dd55f99
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6144fc53ea570a7719ea10b690989bc14d677effc2c1b981fc5d787395505b0a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 21D0CA3200020CBBCF024F80ED01E8A3F2AEB0A320F048401FA0808061C3B39470ABA0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0063E973
                                                                                                                                                                                                                                                                            • Part of subcall function 00652098: RtlFreeHeap.NTDLL(00000000,00000000,?,0065B729,?,00000000,?,?,?,0065B9CC,?,00000007,?,?,0065BDD6,?), ref: 006520AE
                                                                                                                                                                                                                                                                            • Part of subcall function 00652098: GetLastError.KERNEL32(?,?,0065B729,?,00000000,?,?,?,0065B9CC,?,00000007,?,?,0065BDD6,?,?), ref: 006520C0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorFreeHeapLast_free
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1353095263-0
                                                                                                                                                                                                                                                                          • Opcode ID: fab4fa4e78e3bb56b6f0db2a41ca46f282b47d196b259d4a4af83b9d8bde8242
                                                                                                                                                                                                                                                                          • Instruction ID: bf639da522283f5cce5dcc622fc0777f6d01b2c3f91d9d81bd0cb2216f7ae0e4
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fab4fa4e78e3bb56b6f0db2a41ca46f282b47d196b259d4a4af83b9d8bde8242
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5EC08C3100020CBBCB009B41C806A4E7BA9DB80364F200048F80117280CAB1EE089680
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00614C81
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                          • Opcode ID: f7c17602fcadaf3d1ec389692f46cec4eca72cc8ca080ab53e5eb21c560d9fe0
                                                                                                                                                                                                                                                                          • Instruction ID: 148442a312717aabb191e2a4699617cf5b517c4964639f42d2c196e55d68f6b4
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f7c17602fcadaf3d1ec389692f46cec4eca72cc8ca080ab53e5eb21c560d9fe0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51B012D525D501BD324432116D06CF7010FC5C1B11B30411EF401C004098410CC654B1
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00614C81
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                          • Opcode ID: 4afcfb7a2917a37a43ee977754f345afc0dc849b328b1e098ee7ad7b3416c3aa
                                                                                                                                                                                                                                                                          • Instruction ID: 198a2fdd44f7f604e4dc448ce92eb87342c842b8b69231c278cfe985368198ca
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4afcfb7a2917a37a43ee977754f345afc0dc849b328b1e098ee7ad7b3416c3aa
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3DB012C125D401BD328471056E02CF7011FC2C1B11B30801EF105C1140D8410CC35532
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 00614C81
  • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
  • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00614C81
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00614C81
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00614C81
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00614D1C
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00614D1C
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                          • Opcode ID: 2d201b345123c4c14d7e47de11e3b502f6756ac3ad70f0ffd38c3224903ec29a
                                                                                                                                                                                                                                                                          • Instruction ID: 3b6448b5e18b24adc77dcf577942cbd1bf051a08103a533b0543c1640b8f4f60
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d201b345123c4c14d7e47de11e3b502f6756ac3ad70f0ffd38c3224903ec29a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61B012C176C5017C36487605BC02CF7022FC5C1F10330412EF805C1240D8400CC69531
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00614D1C
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                          • Opcode ID: 663061bbb793ac3e6c6954dff00401e06ef534d6b45fa50b688977cd79a85c95
                                                                                                                                                                                                                                                                          • Instruction ID: 0c65615b5aacaadb07d8bd2018e3dc5331c074333afc405adcf99fd1d006eaf1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 663061bbb793ac3e6c6954dff00401e06ef534d6b45fa50b688977cd79a85c95
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8B012C1658411BC39447505BC02CB7022FC5C1F10330C02EFA05C1240D8400CC69631
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00614D1C
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                          • Opcode ID: 0f7bdbf0b13af0884ec9dea5b5f5e93fcdd9ff9b7d2973a7ca1251abe273efce
                                                                                                                                                                                                                                                                          • Instruction ID: 11d5e5cdcbd24fbe82474fcfe7b4712fa7b4c3f3395450a3e6c64f77c2e5434c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f7bdbf0b13af0884ec9dea5b5f5e93fcdd9ff9b7d2973a7ca1251abe273efce
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22B012C16985017C35447506BC02DB7023FD5C2F10330402EF405C1240D8400CC2D631
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00614D1C
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                          • Opcode ID: c6ce5a78163a5c329c18f72e72b0065b64e6988f13673f6a9695acffddfc5fd5
                                                                                                                                                                                                                                                                          • Instruction ID: a4edce4cf9a314279046c2c9a6c1414e0f02d9198037be37f7b3c4af15fb5fb3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c6ce5a78163a5c329c18f72e72b0065b64e6988f13673f6a9695acffddfc5fd5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 74B012C16584017C36447505FD02CB7122FC6C1F20370822EF506C1240D8440CC39535
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00614D1C
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                          • Opcode ID: 14c9502c97a2b7c5ab7f57604b18495ff067780c1edf564b94f91bada3bb9af0
                                                                                                                                                                                                                                                                          • Instruction ID: b49296acf06809a87eb8150fce035baa584314ac869023cb5183ac9c2c8806f1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14c9502c97a2b7c5ab7f57604b18495ff067780c1edf564b94f91bada3bb9af0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33B012C1758411BC3A487505BC02CB7023FC5C1F10330802EF805C2280D8400CC69531
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 00614D1C
  • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
  • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00614D1C
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00614DAF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00614D1C
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00614D1C
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00614DAF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmpDownload File
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 006214D8
  • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
  • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 006397C4
  • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
  • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 00639BE7
  • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
  • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 00639BE7
  • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
  • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00639BE7
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                          • Opcode ID: f4e003116c7355bc252feaaefb9cad47102a03536ee7335c7a57f120431d1afb
                                                                                                                                                                                                                                                                          • Instruction ID: 0bc4dac98f1905dd79f623b8c9dc2ffde84a67849cded89991a27a03e945e917
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f4e003116c7355bc252feaaefb9cad47102a03536ee7335c7a57f120431d1afb
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4DB012D126C4017C324475057D12C77218FCAC5B10B30851FF106C0240D4900CC35931
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00639BE7
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                          • Opcode ID: 26307d10babd021dd238a7ba74e24e9116d3a5cd47783d30cf60c10c3618775b
                                                                                                                                                                                                                                                                          • Instruction ID: fce07344f429589ea7700fffecce421881883317e6752aef3a70b9ee993a6c19
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26307d10babd021dd238a7ba74e24e9116d3a5cd47783d30cf60c10c3618775b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BDB012C226C5017C314479057C12D77115FD9C6B10730451FF006C0240D4900CC29931
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00639BE7
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                          • Opcode ID: 1e67b5be70322a1fcc5e9894d7c2a1a685958d6e0fb49d622485a5d1674c4b9c
                                                                                                                                                                                                                                                                          • Instruction ID: e67bbfd422272069b10decc59bd1affd93bceb3de4b5aaa1e0edb8c7f4bd703d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e67b5be70322a1fcc5e9894d7c2a1a685958d6e0fb49d622485a5d1674c4b9c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 84B012C126C431BC314475067C12D77010FC9C6B10730851FF406C0240D4804CC26931
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00639BE7
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                          • Opcode ID: 0028a31369fc3c7605e02f11bffa99bd71bfed798fd5092c251b689453979461
                                                                                                                                                                                                                                                                          • Instruction ID: 858c9792e7ecfa2d0eed70fbf73dd5376056c60717ff3d45a92b44ac25d778cc
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0028a31369fc3c7605e02f11bffa99bd71bfed798fd5092c251b689453979461
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 85B012D126C4017C324479057C22D77021FDAC6B10730451FF006C0240D4800CC2D931
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00639BE7
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                          • Opcode ID: 9873631c9834193d74308db9c8454bece995b5ef8c9b7f77f96e99d344558237
                                                                                                                                                                                                                                                                          • Instruction ID: 6cf0990ceb44a159ac9b05317b628656172a87f0a0f4549875a310e73d28e604
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9873631c9834193d74308db9c8454bece995b5ef8c9b7f77f96e99d344558237
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26B012C126C411BC314475157C12C77114FC9C5B10730851FF406C0240D4900CC25931
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00639BE7
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006229AF
                                                                                                                                                                                                                                                                            • Part of subcall function 0062293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006229C0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                          • Opcode ID: 72df229fb44b7d45edde9ad316dc9538beebac8ec8fe375c7ee494b74d5667b2
                                                                                                                                                                                                                                                                          • Instruction ID: c760cc954dde7996551b67895160ac495d4d56257d0ea7b3bf1cc5fc88ef5af5
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 72df229fb44b7d45edde9ad316dc9538beebac8ec8fe375c7ee494b74d5667b2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83B012C526C5017C324476057C12CB7114FC9C5B10730461FF406C0240D4904CC65931
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: lstrlen
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1659193697-0
                                                                                                                                                                                                                                                                          • Opcode ID: f2d0f504620c37e64475355f83036fdb9366a4e62a663aa5ed00daa668324313
                                                                                                                                                                                                                                                                          • Instruction ID: e96f9c0640e807506814bf22e9fa5ad92bda7697e8bdf090ea5990b54d7af0a3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2d0f504620c37e64475355f83036fdb9366a4e62a663aa5ed00daa668324313
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8E0E537200119ABDB01CB89EC44D9AFB6DFBD5371714407BF90887120D772AC25C7A0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,EC80BF5C), ref: 005F0571
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 005F05B7
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,SetEntriesInAclW), ref: 005F05DD
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetFileSecurityW), ref: 005F05E9
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,SetFileSecurityW), ref: 005F05F5
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,LookupAccountSidW), ref: 005F0601
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetExplicitEntriesFromAclW), ref: 005F060D
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,RegGetKeySecurity), ref: 005F061C
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,RegSetKeySecurity), ref: 005F0628
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,InitializeSecurityDescriptor), ref: 005F0634
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,SetSecurityDescriptorDacl), ref: 005F0640
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetSecurityDescriptorDacl), ref: 005F064C
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,AllocateAndInitializeSid), ref: 005F0658
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,FreeSid), ref: 005F0664
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,OpenThreadToken), ref: 005F0670
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 005F067C
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,InitializeAcl), ref: 005F0688
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,InitializeSid), ref: 005F0694
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetSidSubAuthority), ref: 005F06A0
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,AddAccessAllowedAce), ref: 005F06AC
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetSecurityInfo), ref: 005F06B8
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,SetSecurityInfo), ref: 005F06C4
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,QueryServiceStatusEx), ref: 005F06D0
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetAce), ref: 005F06DC
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,DeleteAce), ref: 005F06E8
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,EqualSid), ref: 005F06F4
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetAclInformation), ref: 005F0700
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,SetSecurityDescriptorControl), ref: 005F070F
                                                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 005F07DE
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AddressProc$CriticalSection$EnterFreeLeaveLibrary
                                                                                                                                                                                                                                                                          • String ID: AddAccessAllowedAce$AllocateAndInitializeSid$DeleteAce$EqualSid$FreeSid$GetAce$GetAclInformation$GetExplicitEntriesFromAclW$GetFileSecurityW$GetSecurityDescriptorDacl$GetSecurityInfo$GetSidSubAuthority$GetTokenInformation$InitializeAcl$InitializeSecurityDescriptor$InitializeSid$LookupAccountSidW$OpenThreadToken$QueryServiceStatusEx$RegGetKeySecurity$RegSetKeySecurity$SetEntriesInAclW$SetFileSecurityW$SetSecurityDescriptorControl$SetSecurityDescriptorDacl$SetSecurityInfo$advapi32.dll
                                                                                                                                                                                                                                                                          • API String ID: 2701342527-838666417
                                                                                                                                                                                                                                                                          • Opcode ID: bd90049ec207e014d70123c91d2a1080b646462068450c6b319ac04b8af217e3
                                                                                                                                                                                                                                                                          • Instruction ID: ca5961f8c49912dcd809aeb64ae693647ffa61a67ce45023309bc3850a072b32
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd90049ec207e014d70123c91d2a1080b646462068450c6b319ac04b8af217e3
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 15819A30902B19FECF25AF21C84CBA5BFA5FF05315F040256E60466AA5D779A0AACFC1
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CryptMsgGetParam.CRYPT32(00000000,00000005,00000000,?,?), ref: 0060F442
                                                                                                                                                                                                                                                                          • CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,00000004), ref: 0060F488
                                                                                                                                                                                                                                                                          • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,00000000), ref: 0060F4C6
                                                                                                                                                                                                                                                                          • CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 0060F527
                                                                                                                                                                                                                                                                          • CertGetNameStringW.CRYPT32(00000000,00000005,00000000,00000000,00000000,00000000), ref: 0060F5AD
                                                                                                                                                                                                                                                                          • CertGetNameStringW.CRYPT32(?,00000005,00000000,00000000,00000000,?), ref: 0060F602
                                                                                                                                                                                                                                                                          • CertGetCertificateChain.CRYPT32(00000000,?,?,00000000,00000010,00000000,00000000,?), ref: 0060F89C
                                                                                                                                                                                                                                                                          • CertFreeCertificateChain.CRYPT32(00000000), ref: 0060F8B1
                                                                                                                                                                                                                                                                          • CertFreeCertificateChain.CRYPT32(00000000), ref: 0060F8CB
                                                                                                                                                                                                                                                                            • Part of subcall function 0060E760: CertGetCertificateContextProperty.CRYPT32(?,00000003,00000000,00000000), ref: 0060E877
                                                                                                                                                                                                                                                                          • CertVerifyCertificateChainPolicy.CRYPT32(00000003,00000000,0000000C,00000014), ref: 0060F906
                                                                                                                                                                                                                                                                          • CertFreeCertificateChain.CRYPT32(00000000), ref: 0060F942
                                                                                                                                                                                                                                                                          • CertFreeCRLContext.CRYPT32(?), ref: 0060FA73
                                                                                                                                                                                                                                                                          • CertFreeCRLContext.CRYPT32(00000000), ref: 0060FAA6
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Cert$Certificate$ChainFree$ContextCryptParam$NameString$FromPolicyPropertyStoreSubjectVerify
                                                                                                                                                                                                                                                                          • String ID: 4$Intel Corporation$McAfee, Inc.$McAfee, LLC$McAfee, LLC.$Yahoo! Inc.
                                                                                                                                                                                                                                                                          • API String ID: 2452394995-549729705
                                                                                                                                                                                                                                                                          • Opcode ID: 065b6015ed86e8405dfbb7524cf59496099319a58ca4f3ddded27824348eb2e4
                                                                                                                                                                                                                                                                          • Instruction ID: b6079f8abbb7a76c0857ef50202a7c9ddc0f4e242b22337e2f72caa3c27c7c99
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 065b6015ed86e8405dfbb7524cf59496099319a58ca4f3ddded27824348eb2e4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F612B270940229DBDF349F24CC49BEAB7B6AF15714F0441E9E909A7391E7329E84CFA0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CryptQueryObject.CRYPT32(00000001,005FBDCE,00000400,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0060EBD2
                                                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 0060EBE4
                                                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 0060EBF4
                                                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 0060ECEE
                                                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 0060ECFE
                                                                                                                                                                                                                                                                          • CryptQueryObject.CRYPT32(00000002,?,00003FFE,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0060EDEE
                                                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 0060EE0A
                                                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 0060EE1C
                                                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 0060EEB6
                                                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 0060EEC2
                                                                                                                                                                                                                                                                            • Part of subcall function 0060F3C0: CryptMsgGetParam.CRYPT32(00000000,00000005,00000000,?,?), ref: 0060F442
                                                                                                                                                                                                                                                                            • Part of subcall function 0060F3C0: CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,00000004), ref: 0060F488
                                                                                                                                                                                                                                                                            • Part of subcall function 0060F3C0: CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,00000000), ref: 0060F4C6
                                                                                                                                                                                                                                                                            • Part of subcall function 0060F3C0: CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 0060F527
                                                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 0060EF02
                                                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 0060EF14
                                                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 0060EFAE
                                                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 0060EFBA
                                                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 0060EFDA
                                                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 0060EFEA
                                                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 0060F0CB
                                                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 0060F0DB
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Close$Crypt$CertStore$Param$ObjectQuery$CertificateFromSubject
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2648890560-0
                                                                                                                                                                                                                                                                          • Opcode ID: 9bf725bb2b8f7fbca2522368c78ba8ad334288642b5ab38fc7378ce9d052c6d9
                                                                                                                                                                                                                                                                          • Instruction ID: a9034e74ce06f75190389de22ed8c7aeef491ed8d105aa8186fd339b93dbbc96
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9bf725bb2b8f7fbca2522368c78ba8ad334288642b5ab38fc7378ce9d052c6d9
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 00025DB1A402199BEF18DFA8CD59BEFBBB9AF08304F144558E501F72C1D775AA408BA4
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(?,EC80BF5C,00000000,?,?,?,00603AE3,00000000,00000000,?,00000000,811C9DC5,path,00000004,?), ref: 00602B73
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Dispatcher), ref: 00602B98
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Controller), ref: 00602BA7
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Release), ref: 00602BC8
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00602C46
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00602CC3
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00603AE3,00000000,00000000,?,00000000,811C9DC5,path,00000004), ref: 00602CCB
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • Failed to load library %s. Error 0x%08X, xrefs: 00602CD5
                                                                                                                                                                                                                                                                          • NWebAdvisor::NXmlUpdater::InternalImpl::GetInstance, xrefs: 00602CDF
                                                                                                                                                                                                                                                                          • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.cpp, xrefs: 00602CE4
                                                                                                                                                                                                                                                                          • Dispatcher, xrefs: 00602B92
                                                                                                                                                                                                                                                                          • Release, xrefs: 00602BC2
                                                                                                                                                                                                                                                                          • Controller, xrefs: 00602B9E
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AddressLibraryProc$Free$ErrorLastLoad
                                                                                                                                                                                                                                                                          • String ID: Controller$Dispatcher$Failed to load library %s. Error 0x%08X$NWebAdvisor::NXmlUpdater::InternalImpl::GetInstance$Release$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.cpp
                                                                                                                                                                                                                                                                          • API String ID: 2058215185-435243658
                                                                                                                                                                                                                                                                          • Opcode ID: 120941761ae48fc4b0494b33d6c3b19c733522805a1216629bf967ac1da95bf3
                                                                                                                                                                                                                                                                          • Instruction ID: 34ccb5491a33d88d52b7759b9036d61ded68861da6648d2cb7e8b32b7176809d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 120941761ae48fc4b0494b33d6c3b19c733522805a1216629bf967ac1da95bf3
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8441ABB0A403059FDB049FA9C958B9EBBF6FF0C700F11426AE409AB391C7B58944CFA5
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,?), ref: 005D6268
                                                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005D6274
                                                                                                                                                                                                                                                                          • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000,?,?,?,?,?,?,?,?), ref: 005D63BF
                                                                                                                                                                                                                                                                          • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 005D63DF
                                                                                                                                                                                                                                                                          • CryptHashData.ADVAPI32(00000000,?,00000000,00000000,?,?,?,?,?,?,?,?), ref: 005D63FC
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • al exception rule %x:%x res %s, xrefs: 005D632E
                                                                                                                                                                                                                                                                          • 3c224a00-5d51-11cf-b3ca-000000000001, xrefs: 005D671E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Crypt$CurrentHash$AcquireContextCreateDataProcessThread
                                                                                                                                                                                                                                                                          • String ID: 3c224a00-5d51-11cf-b3ca-000000000001$al exception rule %x:%x res %s
                                                                                                                                                                                                                                                                          • API String ID: 3004248768-911235813
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 005D67F3
                                                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005D67FB
                                                                                                                                                                                                                                                                          • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 005D687F
                                                                                                                                                                                                                                                                          • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 005D689F
                                                                                                                                                                                                                                                                          • CryptHashData.ADVAPI32(00000000,?,00000000,00000000), ref: 005D68BC
                                                                                                                                                                                                                                                                          • CryptGetHashParam.ADVAPI32(00000000,00000002,?,00000010,00000000), ref: 005D68DE
                                                                                                                                                                                                                                                                          • CryptDestroyHash.ADVAPI32(00000000), ref: 005D68EF
                                                                                                                                                                                                                                                                          • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 005D6902
                                                                                                                                                                                                                                                                          • DeviceIoControl.KERNEL32(00000000,9EDBA51C,00000000,00000000,00000000,00000000,?,00000000), ref: 005D6951
                                                                                                                                                                                                                                                                          • DeviceIoControl.KERNEL32(?,9EDB651C,00000000,00000000,00000000,00000000,?,00000000), ref: 005D6980
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • al exception rule %x:%x res %s, xrefs: 005D6824
                                                                                                                                                                                                                                                                          • Freeing access handle %p, xrefs: 005D67D0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Crypt$Hash$ContextControlCurrentDevice$AcquireCreateDataDestroyParamProcessReleaseThread
                                                                                                                                                                                                                                                                          • String ID: Freeing access handle %p$al exception rule %x:%x res %s
                                                                                                                                                                                                                                                                          • API String ID: 581428007-3582322424
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00654E01), ref: 00651CAE
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00651D4C
                                                                                                                                                                                                                                                                          • GetACP.KERNEL32(?,?,?,?,?,?,006500E4,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0065C720
                                                                                                                                                                                                                                                                          • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,006500E4,?,?,?,00000055,?,-00000050,?,?), ref: 0065C74B
                                                                                                                                                                                                                                                                          • _wcschr.LIBVCRUNTIME ref: 0065C7DF
                                                                                                                                                                                                                                                                          • _wcschr.LIBVCRUNTIME ref: 0065C7ED
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0065C8B4
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                                                                                                                                                                                                                                                          • String ID: (3i$utf8
                                                                                                                                                                                                                                                                          • API String ID: 4147378913-3644598926
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CryptMsgGetParam.CRYPT32(00000000,00000005,00000000,?,?), ref: 0060F442
                                                                                                                                                                                                                                                                          • CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,00000004), ref: 0060F488
                                                                                                                                                                                                                                                                          • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,00000000), ref: 0060F4C6
                                                                                                                                                                                                                                                                          • CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 0060F527
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CryptParam$CertCertificateFromStoreSubject
                                                                                                                                                                                                                                                                          • String ID: 1.3.6.1.4.1.311.2.4.1
                                                                                                                                                                                                                                                                          • API String ID: 738114118-146536318
                                                                                                                                                                                                                                                                          • Opcode ID: 019f686a3b72eb618b1b405a570875fb44cfb75b9c1de0cbf2b7234e33dd288e
                                                                                                                                                                                                                                                                          • Instruction ID: 46322a58871b8fe16e07a8dd83ff4abac3c63389c6ab4037c56485fa364c0aed
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 019f686a3b72eb618b1b405a570875fb44cfb75b9c1de0cbf2b7234e33dd288e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CBD16D71D00219DFDB29DF64C885BEEBBB6EF49710F1441A9E819A7780D731AA44CFA0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00654E01), ref: 00651CAE
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00651D4C
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: _free.LIBCMT ref: 00651D0B
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: _free.LIBCMT ref: 00651D41
                                                                                                                                                                                                                                                                          • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0065D0E7
                                                                                                                                                                                                                                                                          • IsValidCodePage.KERNEL32(00000000), ref: 0065D130
                                                                                                                                                                                                                                                                          • IsValidLocale.KERNEL32(?,00000001), ref: 0065D13F
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0065D187
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0065D1A6
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                                                                                                                                                                                                                                          • String ID: (3i
                                                                                                                                                                                                                                                                          • API String ID: 949163717-152728198
                                                                                                                                                                                                                                                                          • Opcode ID: 3fe08edbb8cafcc87daa000c8840d60289f370b38877f93a0109a18adaa03ae8
                                                                                                                                                                                                                                                                          • Instruction ID: 1353fb57b247d1b9cd0e41e757551e0a29fb3b91cadeb79cb94a89635627c08c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3fe08edbb8cafcc87daa000c8840d60289f370b38877f93a0109a18adaa03ae8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB518071A00206AFDB20DFA4CC41AFE77BABF09702F144469ED15EB2D0DB719949CB65
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,2000000B,0065D124,00000002,00000000,?,?,?,0065D124,?,00000000), ref: 0065CE9F
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,20001004,0065D124,00000002,00000000,?,?,?,0065D124,?,00000000), ref: 0065CEC8
                                                                                                                                                                                                                                                                          • GetACP.KERNEL32(?,?,0065D124,?,00000000), ref: 0065CEDD
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                                                                                                          • String ID: ACP$OCP
                                                                                                                                                                                                                                                                          • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                                          • Opcode ID: ab0390913ad668826a2a845ad00c8651a77ccdb3ac3ea654dae87a35f350ebec
                                                                                                                                                                                                                                                                          • Instruction ID: 00c864390a223dc65327e1cc5276fbcd2158ac24cce1174430408036d197e763
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ab0390913ad668826a2a845ad00c8651a77ccdb3ac3ea654dae87a35f350ebec
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8A214132600301AEEB348F64D943AE773A7AB54B76F568464ED0ADB704E732DE49C790
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • VirtualQuery.KERNEL32(?,?,0000001C), ref: 00667BE9
                                                                                                                                                                                                                                                                          • GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 00667BFD
                                                                                                                                                                                                                                                                          • VirtualAlloc.KERNEL32(?,-00000001,00001000,00000004,?,?,?,0000001C), ref: 00667C4D
                                                                                                                                                                                                                                                                          • VirtualProtect.KERNEL32(?,-00000001,00000104,?,?,?,0000001C), ref: 00667C62
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Virtual$AllocInfoProtectQuerySystem
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3562403962-0
                                                                                                                                                                                                                                                                          • Opcode ID: 79bc5a7f7ca087c7b359cdb71e95a63479d1d039cd0e854ccaf736bd007593e7
                                                                                                                                                                                                                                                                          • Instruction ID: 361176c8a1c688988ba2268c1c1d73e3e5704ab1a4b2555d3edf3995a970fb61
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 79bc5a7f7ca087c7b359cdb71e95a63479d1d039cd0e854ccaf736bd007593e7
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B217772E00219AFDB20DBA8DC95EEF77BEEF48754F050569E915E7240EA30E944CB90
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 006393FE
                                                                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 006394CA
                                                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 006394EA
                                                                                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 006394F4
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 254469556-0
                                                                                                                                                                                                                                                                          • Opcode ID: a7e47136f51160b2655feaa164652227a677c55f5b64ec451377439e858936fc
                                                                                                                                                                                                                                                                          • Instruction ID: 3a989a8875f7032efb8bca5966c8d10c5490044a68c442d0c72261537f83e901
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a7e47136f51160b2655feaa164652227a677c55f5b64ec451377439e858936fc
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73313875D0121C9BDB51DFA4D989BCDBBB8AF08304F1040EAE40DAB250EB719B888F55
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00654E01), ref: 00651CAE
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00651D4C
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: _free.LIBCMT ref: 00651D0B
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: _free.LIBCMT ref: 00651D41
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0065CAD4
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0065CB1E
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0065CBE4
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InfoLocale$ErrorLast_free
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3140898709-0
                                                                                                                                                                                                                                                                          • Opcode ID: c08ada2e0e8462e1ce87af1ff6954f4b3d4de84a4aaeed08a9b1480605cc5336
                                                                                                                                                                                                                                                                          • Instruction ID: 2d23955c281db100947d38e1c762533ebdcdf64c407547fd28c74e9444a30348
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c08ada2e0e8462e1ce87af1ff6954f4b3d4de84a4aaeed08a9b1480605cc5336
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1761C7715003179FDB289F24CC82BBA77BAEF14326F1440BAED09D6285E739D989DB50
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,006B80CC), ref: 0063D54B
                                                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,006B80CC), ref: 0063D555
                                                                                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,006B80CC), ref: 0063D562
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                          • Opcode ID: 9ce3873e940096f9205b40362fbb1c8f584e515b9b236f5390d1de98cc9d5527
                                                                                                                                                                                                                                                                          • Instruction ID: 492b41c6c24f6093a1e0bf9839c8859e0d91c495e429aab8561c842a36f5fefb
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9ce3873e940096f9205b40362fbb1c8f584e515b9b236f5390d1de98cc9d5527
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1331C5B490121CABCB61DF68D8897CDBBB9BF18310F5051EAE41CA7251EB709F858F85
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0063922B
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2325560087-0
                                                                                                                                                                                                                                                                          • Opcode ID: dda6915fa38ff008f7eadeee5dc87872d91ed8b0cf55d244cc643986fc783a36
                                                                                                                                                                                                                                                                          • Instruction ID: d385f81b7f093432bf4637cec69fba9f64bf85ed7d21bf4571bec1ba20bb0c6a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dda6915fa38ff008f7eadeee5dc87872d91ed8b0cf55d244cc643986fc783a36
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 77519DB19106159FEB15CFA4D8957AABBF2FB48310F24956AC405EB390D3B4AD40CFA0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00654E01), ref: 00651CAE
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00651D4C
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: _free.LIBCMT ref: 00651D0B
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: _free.LIBCMT ref: 00651D41
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0065CD34
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast_free$InfoLocale
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2003897158-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00654E01), ref: 00651CAE
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00651D4C
                                                                                                                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(0065CA80,00000001,00000000,?,-00000050,?,0065D0BB,00000000,?,?,?,00000055,?), ref: 0065C9C4
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2417226690-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00654E01), ref: 00651CAE
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00651D4C
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0065CC9C,00000000,00000000,?), ref: 0065CF38
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3736152602-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00654E01), ref: 00651CAE
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00651D4C
                                                                                                                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(0065CCE0,00000001,?,?,-00000050,?,0065D07F,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0065CA37
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2417226690-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 0064CD41: EnterCriticalSection.KERNEL32(?,?,0064F653,00000000,006AC338,0000000C,0064F61A,?,?,00653400,?,?,00651E4B,00000001,00000364,00000006), ref: 0064CD50
                                                                                                                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(00653F60,00000001,006AC4B8,0000000C,0065447F,00000000), ref: 00653FA5
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1272433827-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00654E01), ref: 00651CAE
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00651D4C
                                                                                                                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(0065C860,00000001,?,?,?,0065D0DD,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0065C93E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2417226690-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLocaleInfoEx.KERNEL32(?,00000022,00000000,00000002,?,?,00635D32,00000000,?,00000004,00634946,?,00000004,00634D77,00000000,00000000), ref: 00637E40
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2299586839-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00650C61,?,20001004,00000000,00000002,?,?,0065024C), ref: 0065460E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2299586839-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CloseCrypt
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1563465135-0
                                                                                                                                                                                                                                                                          • Opcode ID: c18c214498bda10761deecb14a073abe4624f01627e484e07118eafdb9162758
                                                                                                                                                                                                                                                                          • Instruction ID: 8372a66ef6d570018cddf5d78fde766ca80c6ad826371c460623a2df218cc62d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c18c214498bda10761deecb14a073abe4624f01627e484e07118eafdb9162758
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AEB011B0A002008BEF00AFB2AA0C80233AAAB003023280888A200C20A0EA22C800CA28
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_000895A0,00638A95), ref: 0063958B
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                          • Opcode ID: 0264d95eb6a85bd56c95ac83d68ce5ad23a7ebee118ff3e11da604cfbd6bb7eb
                                                                                                                                                                                                                                                                          • Instruction ID: b9d641cc6082a7cd71847ddde2f94a4534ac0aebd853f4ed804f094ba0400455
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0264d95eb6a85bd56c95ac83d68ce5ad23a7ebee118ff3e11da604cfbd6bb7eb
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 006388FA: EnterCriticalSection.KERNEL32(006B742C,?,?,?,005D402B,006B827C,EC80BF5C,?,005D1171,?), ref: 00638905
                                                                                                                                                                                                                                                                            • Part of subcall function 006388FA: LeaveCriticalSection.KERNEL32(006B742C,?,?,?,005D402B,006B827C,EC80BF5C,?,005D1171,?), ref: 00638942
                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(?,?,?,005CE97C,EC80BF5C,?,?,?,?,00669590,000000FF), ref: 005C4676
                                                                                                                                                                                                                                                                            • Part of subcall function 006388B0: EnterCriticalSection.KERNEL32(006B742C,?,?,005D4086,006B827C,006768E0,?), ref: 006388BA
                                                                                                                                                                                                                                                                            • Part of subcall function 006388B0: LeaveCriticalSection.KERNEL32(006B742C,?,?,005D4086,006B827C,006768E0,?), ref: 006388ED
                                                                                                                                                                                                                                                                            • Part of subcall function 006388B0: RtlWakeAllConditionVariable.NTDLL ref: 00638964
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$ConditionHeapProcessVariableWake
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 325507722-0
                                                                                                                                                                                                                                                                          • Opcode ID: a85b04dad3bda61223c5139864fc7d7687f8ed20bca2bdfc04bed699a68d6ef4
                                                                                                                                                                                                                                                                          • Instruction ID: 9985bfa7fe0bc5df531363f3f36c9104a3fe42bc19fd45c1cd60207e4572b964
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a85b04dad3bda61223c5139864fc7d7687f8ed20bca2bdfc04bed699a68d6ef4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 661149B1504700DED390BB68EC46B863BABA7453A4F641219E608C72A2DF7468C9CB68
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • GetSystemTimePreciseAsFileTime, xrefs: 00654629
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: GetSystemTimePreciseAsFileTime
                                                                                                                                                                                                                                                                          • API String ID: 0-595813830
                                                                                                                                                                                                                                                                          • Opcode ID: aa14fb7924d021a20ca8edd479e048bd8db029f1c87009cd16bdd120c0bbaa62
                                                                                                                                                                                                                                                                          • Instruction ID: 326e0cb89741c954fb9352cf9b19378bc141cf688ffb298058d37b23a09c02b0
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aa14fb7924d021a20ca8edd479e048bd8db029f1c87009cd16bdd120c0bbaa62
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1AE0C233680225738A2036A16C06FAA7E0BCB40BB2F4501A2FF0866642C9A2499486D9
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: b5ce6385de40e7d6f545df50b4196bb5d1d00dfe9e5920597663614fbb197408
                                                                                                                                                                                                                                                                          • Instruction ID: 6defda4f4a9b407ad5ce4a067ce2edbf38d2ad9eb384a78b7b96a619f5683585
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b5ce6385de40e7d6f545df50b4196bb5d1d00dfe9e5920597663614fbb197408
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4AF0F0326586209BCB26DA5CE518BF877BEEF46B42F100245EA01DB360C6A0DF48C3C0
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
APIs
• GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00626AB6
• GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00626AC4
• GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00626AD5
• GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00626AE6
• GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00626AF7
• GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00626B08
• GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 00626B19
• GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00626B2A
• GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 00626B3B
• GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00626B4C
• GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00626B5D
• GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00626B6E
• GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00626B7F
• GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00626B90
• GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00626BA1
• GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00626BB2
• GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00626BC3
• GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00626BD4
• GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 00626BE5
• GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 00626BF6
• GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 00626C07
• GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00626C18
• GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 00626C29
• GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 00626C3A
• GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 00626C4B
• GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00626C5C
• GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00626C6D
• GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 00626C7E
• GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00626C8F
• GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00626CA0
• GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 00626CB1
• GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00626CC2
• GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 00626CD3
• GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00626CE4
• GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 00626CF5
• GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 00626D06
• GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 00626D17
• GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 00626D28
• GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 00626D39
• GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 00626D4A
• GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 00626D5B
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                                          • String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
                                                                                                                                                                                                                                                                          • API String ID: 667068680-295688737
                                                                                                                                                                                                                                                                          • Opcode ID: 4e9699274fac34d45a4ad7c2fe9f490c72b4c4df07bfa0bb720395b71e8d61db
                                                                                                                                                                                                                                                                          • Instruction ID: 13736672a18067f2d3c16545f8d6a6aa3b75af9cffbd136bfa9bdc74a8e2f080
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e9699274fac34d45a4ad7c2fe9f490c72b4c4df07bfa0bb720395b71e8d61db
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7461AAB1A96310ABD7046FB4AC4D99A3FABBA4D7053052BAAF105D31B0D7F641D4CF60
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • ctype.LIBCPMT ref: 0062E830
                                                                                                                                                                                                                                                                            • Part of subcall function 005C3055: __Getctype.LIBCPMT ref: 005C3064
                                                                                                                                                                                                                                                                            • Part of subcall function 00627D5B: __EH_prolog3.LIBCMT ref: 00627D62
                                                                                                                                                                                                                                                                            • Part of subcall function 00627D5B: std::_Lockit::_Lockit.LIBCPMT ref: 00627D6C
                                                                                                                                                                                                                                                                            • Part of subcall function 00627D5B: std::_Lockit::~_Lockit.LIBCPMT ref: 00627DDD
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062E83E
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062E855
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062E89C
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062E8CF
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062E921
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062E936
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062E955
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062E974
                                                                                                                                                                                                                                                                          • collate.LIBCPMT ref: 0062E97E
                                                                                                                                                                                                                                                                          • __Getcoll.LIBCPMT ref: 0062E9C0
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062E9D4
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062EABD
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062EB18
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062EB74
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062EB89
                                                                                                                                                                                                                                                                            • Part of subcall function 0062816E: __EH_prolog3.LIBCMT ref: 00628175
                                                                                                                                                                                                                                                                            • Part of subcall function 0062816E: std::_Lockit::_Lockit.LIBCPMT ref: 0062817F
                                                                                                                                                                                                                                                                            • Part of subcall function 0062816E: std::_Lockit::~_Lockit.LIBCPMT ref: 006281F0
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062EBA8
                                                                                                                                                                                                                                                                            • Part of subcall function 006283C2: __EH_prolog3.LIBCMT ref: 006283C9
                                                                                                                                                                                                                                                                            • Part of subcall function 006283C2: std::_Lockit::_Lockit.LIBCPMT ref: 006283D3
                                                                                                                                                                                                                                                                            • Part of subcall function 006283C2: std::_Lockit::~_Lockit.LIBCPMT ref: 00628444
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062EBC7
                                                                                                                                                                                                                                                                            • Part of subcall function 0062832D: __EH_prolog3.LIBCMT ref: 00628334
                                                                                                                                                                                                                                                                            • Part of subcall function 0062832D: std::_Lockit::_Lockit.LIBCPMT ref: 0062833E
                                                                                                                                                                                                                                                                            • Part of subcall function 0062832D: std::_Lockit::~_Lockit.LIBCPMT ref: 006283AF
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062EBE6
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062EC38
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062EC7D
                                                                                                                                                                                                                                                                            • Part of subcall function 0062DDD2: __EH_prolog3.LIBCMT ref: 0062DDD9
                                                                                                                                                                                                                                                                            • Part of subcall function 0062DDD2: _Getvals.LIBCPMT ref: 0062DE2B
                                                                                                                                                                                                                                                                            • Part of subcall function 0062DDD2: _Mpunct.LIBCPMT ref: 0062DE66
                                                                                                                                                                                                                                                                            • Part of subcall function 0062DDD2: _Mpunct.LIBCPMT ref: 0062DE80
                                                                                                                                                                                                                                                                            • Part of subcall function 00628044: __EH_prolog3.LIBCMT ref: 0062804B
                                                                                                                                                                                                                                                                            • Part of subcall function 00628044: std::_Lockit::_Lockit.LIBCPMT ref: 00628055
                                                                                                                                                                                                                                                                            • Part of subcall function 00628044: std::_Lockit::~_Lockit.LIBCPMT ref: 006280C6
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062EA41
                                                                                                                                                                                                                                                                            • Part of subcall function 00625688: Concurrency::cancel_current_task.LIBCPMT ref: 00625748
                                                                                                                                                                                                                                                                            • Part of subcall function 00625688: __EH_prolog3.LIBCMT ref: 00625755
                                                                                                                                                                                                                                                                            • Part of subcall function 00625688: std::locale::_Locimp::_Makeloc.LIBCPMT ref: 00625781
                                                                                                                                                                                                                                                                            • Part of subcall function 00625688: std::_Locinfo::~_Locinfo.LIBCPMT ref: 0062578C
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062E9EB
                                                                                                                                                                                                                                                                            • Part of subcall function 00625688: __EH_prolog3.LIBCMT ref: 0062568F
                                                                                                                                                                                                                                                                            • Part of subcall function 00625688: std::_Lockit::_Lockit.LIBCPMT ref: 00625699
                                                                                                                                                                                                                                                                            • Part of subcall function 00625688: std::_Lockit::~_Lockit.LIBCPMT ref: 0062573D
                                                                                                                                                                                                                                                                            • Part of subcall function 00627F1A: __EH_prolog3.LIBCMT ref: 00627F21
                                                                                                                                                                                                                                                                            • Part of subcall function 00627F1A: std::_Lockit::_Lockit.LIBCPMT ref: 00627F2B
                                                                                                                                                                                                                                                                            • Part of subcall function 00627F1A: std::_Lockit::~_Lockit.LIBCPMT ref: 00627F9C
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062EA2C
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0062EA8A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Locimp::_std::locale::_$AddfacLocimp_$std::_$Lockit$H_prolog3$Lockit::_Lockit::~_$Mpunct$Concurrency::cancel_current_taskGetcollGetctypeGetvalsLocinfoLocinfo::~_Makeloccollatectype
                                                                                                                                                                                                                                                                          • String ID: sk$$sk$(sk$,sk$0sk$0sk$4sk$4sk$8sk$8sk$<sk$u{jD
• API String ID: 207879573-3930647229
• Opcode ID: e51e698805321268aa3c0b9807d7ece98350509a1b15ee06258ceec0f39675b3
• Instruction ID: 425522448f728410cbe723f1d755664beac62c60529ee56cddadb9489f002f33
• Opcode Fuzzy Hash: e51e698805321268aa3c0b9807d7ece98350509a1b15ee06258ceec0f39675b3
• Instruction Fuzzy Hash: 69D1EBB0D05A269FDB206FA4980AAFF3EA7EF41360F14452DF84667391DB754D009BE2
APIs
• __EH_prolog3.LIBCMT ref: 00635D6D
• collate.LIBCPMT ref: 00635D76
  • Part of subcall function 00634A42: __EH_prolog3_GS.LIBCMT ref: 00634A49
  • Part of subcall function 00634A42: __Getcoll.LIBCPMT ref: 00634AAD
  • Part of subcall function 00634A42: std::_Locinfo::~_Locinfo.LIBCPMT ref: 00634AC9
• __Getcoll.LIBCPMT ref: 00635DBC
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00635DD0
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00635DE5
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00635E23
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00635E36
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00635E7C
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00635EB0
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00635F6B
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00635F7E
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00635F9B
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00635FB8
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00635FD5
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00635F0D
  • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
  • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
• numpunct.LIBCPMT ref: 00636014
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00636024
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00636068
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0063607B
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00636098
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
Similarity
• API ID: AddfacLocimp::_Locimp_std::locale::_$std::_$GetcollLockit$H_prolog3H_prolog3_LocinfoLocinfo::~_Lockit::_Lockit::~_collatenumpunct
• String ID:
• API String ID: 2009638416-0
• Opcode ID: 267b827b9d5ba2096196781f5a8d9fc50f0acc1538af4878af8810292ae7bc5f
• Instruction ID: 954e12645c12e46e13dfa9695bee6b145c31d789cb97ab27c7fcb85c81811de5
• Opcode Fuzzy Hash: 267b827b9d5ba2096196781f5a8d9fc50f0acc1538af4878af8810292ae7bc5f
• Instruction Fuzzy Hash: F091D3B1D01A116FDB647BB58C0ABBF7EAAEF51360F10442CF806A7282DB70490197E6
Strings
• DeleteFile, xrefs: 0061086B
• Failed to delete src cab (%d), xrefs: 00610A0D
• c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\ExtractCabLocalCommand.cpp, xrefs: 006108E5, 00610962, 006109A7, 006109DE, 00610A19, 00610A49
• Unable to verify signature for file: %s, xrefs: 00610956
• Source, xrefs: 006107D1
• Failed to extract cab (%s), xrefs: 006109D2
• Unable to substitute variables for the EXTRACT_CAB_LOCAL command, xrefs: 00610A31
• Failed to parse DeleteFile as a boolean - default to false, xrefs: 006108D9
• Unable to read Source and/or DestDir attribute of EXTRACT_CAB_LOCAL command, xrefs: 00610A3D, 00610A42
• invalid substitutor, xrefs: 006107C5
• Unable to substitute DeleteFile attribute, xrefs: 006108BC
• NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::ExecuteExtractCabLocalCommand, xrefs: 0061095D, 006109A2, 006109D9, 00610A14
• DestDir, xrefs: 00610813
• Unable to create desusertion directory (%d), xrefs: 0061099B
• NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::Execute, xrefs: 006108E0, 00610A44
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
Similarity
• API ID:
• String ID: DeleteFile$DestDir$Failed to delete src cab (%d)$Failed to extract cab (%s)$Failed to parse DeleteFile as a boolean - default to false$NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::Execute$NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::ExecuteExtractCabLocalCommand$Source$Unable to create desusertion directory (%d)$Unable to read Source and/or DestDir attribute of EXTRACT_CAB_LOCAL command$Unable to substitute DeleteFile attribute$Unable to substitute variables for the EXTRACT_CAB_LOCAL command$Unable to verify signature for file: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\ExtractCabLocalCommand.cpp$invalid substitutor
• API String ID: 0-2605792675
• Opcode ID: 6945686677fa02e109d8c84c59d98b0f1d214b7fd4da28788b0adba41613abd6
• Instruction ID: f96d93c6366a2220d07e4448df6951c06a092fd2834b8de96ee404fe892faf9e
• Opcode Fuzzy Hash: 6945686677fa02e109d8c84c59d98b0f1d214b7fd4da28788b0adba41613abd6
• Instruction Fuzzy Hash: DB910270A40309ABEF10EF90C85ABFE7B76BF55705F080519F50567282DBB5A9C8CBA1
APIs
  • Part of subcall function 005DDE80: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DDF0C
• __Mtx_unlock.LIBCPMT ref: 005DA143
• std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DA1AA
  • Part of subcall function 005DE0D0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DE161
• CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 005DA1C1
• CloseHandle.KERNEL32(?), ref: 005DA1DD
• CreateSemaphoreW.KERNEL32(00000000,00000000,000003E8,00000000), ref: 005DA24C
• CloseHandle.KERNEL32(?), ref: 005DA268
• ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,00000000), ref: 005DA410
• GetLastError.KERNEL32(?,00000001), ref: 005DA46F
Strings
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$CloseCreateHandleSemaphore$ErrorEventLastMtx_unlockRelease
                                                                                                                                                                                                                                                                          • String ID: E$Failed to create event semaphore$Failed to create stop event$Failed to initialize event sender$Failed to release semaphore. Error: $V
                                                                                                                                                                                                                                                                          • API String ID: 1380281556-3274429967
APIs
• GetModuleHandleW.KERNEL32(kernel32.dll,EC80BF5C,000000FF,00000000,00000000,0066DF30,000000FF), ref: 00610FE8
• GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 00610FF8
• CreateFileW.KERNEL32(000000FF,00000001,00000001,00000000,00000003,00000080,00000000,EC80BF5C,000000FF,00000000,00000000,0066DF30,000000FF), ref: 00611037
• GetLastError.KERNEL32 ref: 00611058
• GetFileSize.KERNEL32(?,?), ref: 00611088
• CreateFileMappingW.KERNEL32(?,00000000,00000002,?,00000000,00000000), ref: 0061109C
• MapViewOfFileEx.KERNEL32(00000000,00000004,00000000,00000000,?,00000000), ref: 006110D9
• CloseHandle.KERNEL32(?), ref: 006110F0
Strings
• kernel32.dll, xrefs: 00610FE3
• CreateFileTransactedW, xrefs: 00610FF2
• Failed to map file to memory, xrefs: 00611101
• NWebAdvisor::CFileMemMap::Init, xrefs: 00611066, 00611108
• Failed to open the file: %d, xrefs: 0061105F
• c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileMemMap.h, xrefs: 0061106B, 0061110D
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
Similarity
• API ID: File$CreateHandle$AddressCloseErrorLastMappingModuleProcSizeView
• String ID: CreateFileTransactedW$Failed to map file to memory$Failed to open the file: %d$NWebAdvisor::CFileMemMap::Init$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileMemMap.h$kernel32.dll
• API String ID: 2423579280-2843467768
APIs
• RegOpenKeyExW.ADVAPI32(80000002,00000000,00000000,?,00000000,00000028,00000028,00000000,00000000,Name,00000004,00000000,00000000,Key,00000003,EC80BF5C), ref: 006130F1
• RegCloseKey.ADVAPI32(00000008), ref: 0061317C
Strings
• Cannnot delete registry value. Key or value not found. Key: %s Value: %s, xrefs: 00613157
• Name, xrefs: 00613055
• Error opening HKLM registry key: %d, xrefs: 006130FC
• c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_value_command.cpp, xrefs: 00613108, 00613163, 006131A9, 006131D1
• Unable to read Key or Name for DEL_REG_VALUE command, xrefs: 006131C5
• Key, xrefs: 00613013
• Error (%d) deleting registry value (%s) in key: %s, xrefs: 0061319D
• NWebAdvisor::NXmlUpdater::parse_and_execute, xrefs: 00613103, 0061315E, 006131A4, 006131CC
• Invalid substitutor, xrefs: 00613005
• Unable to substitute variables for the DEL_REG_VALUE command, xrefs: 006131BC
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
Similarity
• API ID: CloseOpen
• String ID: Cannnot delete registry value. Key or value not found. Key: %s Value: %s$Error (%d) deleting registry value (%s) in key: %s$Error opening HKLM registry key: %d$Invalid substitutor$Key$NWebAdvisor::NXmlUpdater::parse_and_execute$Name$Unable to read Key or Name for DEL_REG_VALUE command$Unable to substitute variables for the DEL_REG_VALUE command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_value_command.cpp
• API String ID: 47109696-1081640057
APIs
• SHGetSpecialFolderPathW.SHELL32(00000000,006AF278,00000023,00000001,00000004,00000000,00000000), ref: 005F8462
• CreateDirectoryW.KERNEL32(006AF278,00000000,006AF278,00000104,\McAfee\), ref: 005F8491
• GetLastError.KERNEL32 ref: 005F849D
• CreateDirectoryW.KERNEL32(006AF278,00000000,006AF278,00000104,006AF070), ref: 005F84C5
• GetLastError.KERNEL32 ref: 005F84CB
• GetModuleFileNameW.KERNEL32(?,00000104), ref: 005F84FC
• StrRChrW.SHLWAPI(?,00000000,0000005C), ref: 005F8511
• CreateDirectoryW.KERNEL32(006AF278,00000000,006AF278,00000104,00000000), ref: 005F852E
• GetLastError.KERNEL32 ref: 005F8534
• GetTickCount.KERNEL32 ref: 005F85B9
Strings
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CreateDirectoryErrorLast$CountFileFolderModuleNamePathSpecialTick
                                                                                                                                                                                                                                                                          • String ID: %uFile:%sFunction:%sLine:%d$\McAfee\$\log.txt
                                                                                                                                                                                                                                                                          • API String ID: 922589859-3713371193
                                                                                                                                                                                                                                                                          • Opcode ID: b891767fd45a7ba48c89a0835f863d4878cdb7a241ae8f96e19b03b166f9c752
                                                                                                                                                                                                                                                                          • Instruction ID: da6456c94a7ed056378d1ef1ea076724e5f2f60e7b12026287e8d2d0173cd148
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b891767fd45a7ba48c89a0835f863d4878cdb7a241ae8f96e19b03b166f9c752
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E151FC75A8031C7BDF20ABE4DC46FE97BA5BB55700F1001A5F608B7191DAB09E848F96
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$Info
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2509303402-0
                                                                                                                                                                                                                                                                          • Opcode ID: 0880ea36e3c9ea785b438caf94e92ed24a127e2fe8adc911cb8e0b181fdc5310
                                                                                                                                                                                                                                                                          • Instruction ID: b308a9b9ea4897fb1d0804afcb8a217517aa2196c80240f4cd98d8a2002cd734
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0880ea36e3c9ea785b438caf94e92ed24a127e2fe8adc911cb8e0b181fdc5310
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 00D18C71D012069FDB619FB8C881BEEBBF6BF09300F14406DE995AB382D675A949CB50
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DB311
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DB3AA
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DB43B
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DB21A
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C9A12
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DB64F
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005DB67C
                                                                                                                                                                                                                                                                            • Part of subcall function 005E1230: InitOnceBeginInitialize.KERNEL32(006B823C,00000000,?,00000000,?,?,?,?,00000000,00000000,?,EC80BF5C,?,?), ref: 005E125A
                                                                                                                                                                                                                                                                            • Part of subcall function 005E1230: InitOnceComplete.KERNEL32(006B823C,00000000,00000000), ref: 005E1278
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • Failed to allocate HMAC buffer, xrefs: 005DB276
                                                                                                                                                                                                                                                                          • Failed to allocate HMAC base64 buffer, xrefs: 005DB37A
                                                                                                                                                                                                                                                                          • HMAC failed to get digest size, xrefs: 005DB1EA
                                                                                                                                                                                                                                                                          • Error unable to encode the hash in Base64, xrefs: 005DB40B
                                                                                                                                                                                                                                                                          • HMAC creator initialization failed, xrefs: 005DB17D
                                                                                                                                                                                                                                                                          • Invalid arguments supplied to HMACSha256 hash., xrefs: 005DB61C
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteInitialize$Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                          • String ID: Error unable to encode the hash in Base64$Failed to allocate HMAC base64 buffer$Failed to allocate HMAC buffer$HMAC creator initialization failed$HMAC failed to get digest size$Invalid arguments supplied to HMACSha256 hash.
                                                                                                                                                                                                                                                                          • API String ID: 1609125544-1991084185
                                                                                                                                                                                                                                                                          • Opcode ID: c5b601d0785def3f9375d67932f039cb8484245b09a6a6ad5d2cbc41d5432f3c
                                                                                                                                                                                                                                                                          • Instruction ID: 4c3666552a4ec54aa771e73afcc445b133d7f11ce7d48ff33b48deb52b76d2b9
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c5b601d0785def3f9375d67932f039cb8484245b09a6a6ad5d2cbc41d5432f3c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1DF17B70D00259DFDF24EBA4C859BEDBBB6BF54304F10415EE405AB382EB749A88CB95
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000006,?,?,?,?,?,?,?,?,?,?,?,00000003,?,?), ref: 00645B0F
                                                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,?,?,?,?,?,?,?,00000003,?,?), ref: 00645B33
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Module$FileHandleName
                                                                                                                                                                                                                                                                          • String ID: (Press Retry to debug the application - JIT must be enabled)$...$<program name unknown>$Assertion failed!$Expression: $File: $For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts$Line: $Program: $\
                                                                                                                                                                                                                                                                          • API String ID: 4146042529-3261600717
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 005CBA20: Concurrency::cancel_current_task.LIBCPMT ref: 005CBB9D
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DDBE9
                                                                                                                                                                                                                                                                            • Part of subcall function 005DD740: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DD7E7
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DDB35
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C9A12
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DDF0C
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteConcurrency::cancel_current_taskInitialize
                                                                                                                                                                                                                                                                          • String ID: &se=$&sig=$&skn=$Event Sender already initialized for Azure$Failed to create HMACSha256 Hash$Failed to escape hash$SharedAccessSignature sr=$`i$`i
                                                                                                                                                                                                                                                                          • API String ID: 3638550806-3906410663
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C9A12
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DE8A8
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • HTTP status error for Azure: , xrefs: 005DEA71
                                                                                                                                                                                                                                                                          • HTTP receive response failed for Azure: , xrefs: 005DEAE7
                                                                                                                                                                                                                                                                          • HTTP send request failed for Azure: , xrefs: 005DEB62
                                                                                                                                                                                                                                                                          • Failed to create access token, xrefs: 005DE881
                                                                                                                                                                                                                                                                          • `i, xrefs: 005DEC31
                                                                                                                                                                                                                                                                          • Authorization: , xrefs: 005DE8EB
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitialize
                                                                                                                                                                                                                                                                          • String ID: Authorization: $Failed to create access token$HTTP receive response failed for Azure: $HTTP send request failed for Azure: $HTTP status error for Azure: $`i
                                                                                                                                                                                                                                                                          • API String ID: 539357862-3724986381
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00600490: CreateDirectoryW.KERNEL32(?,00000000,?), ref: 006004AA
                                                                                                                                                                                                                                                                            • Part of subcall function 00600490: GetLastError.KERNEL32 ref: 006004B8
                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,?,00000000,00000000,00000000,0000005C,00000001,00000000), ref: 00600BB5
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00600BC2
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CreateErrorLast$DirectoryFile
                                                                                                                                                                                                                                                                          • String ID: __$CreateDir failed for %s$CreateFile failed for %s: %d$NWebAdvisor::NUtils::StoreBufferInFile$WriteFile failed: %d$\$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileUtils.cpp
                                                                                                                                                                                                                                                                          • API String ID: 1552088572-2598722560
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 00613545
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Close
                                                                                                                                                                                                                                                                          • String ID: Cannnot delete registry key. Not found: %s$Error (%d) deleting registry key tree: %s$Error opening HKLM registry key: %d$Invalid substitutor$Key$NWebAdvisor::NXmlUpdater::parse_and_execute$Unable to read Key for DEL_REG_TREE command$Unable to substitute variables for the DEL_REG_TREE command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_tree_command.cpp
                                                                                                                                                                                                                                                                          • API String ID: 3535843008-3762851336
                                                                                                                                                                                                                                                                          • Opcode ID: fc03bd758a347d974fd48db8089e52591cb837a45c21928c93194512dcf2f01c
                                                                                                                                                                                                                                                                          • Instruction ID: 70fd21813a376fa603ac072fb8df9119913b7efaac2f1a58d81f635176e14f4f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fc03bd758a347d974fd48db8089e52591cb837a45c21928c93194512dcf2f01c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 82711731A40229ABDF10DF54C846BFDB7B7BF14B00F594214E9167B382DB70AA84CBA4
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                                                                          • String ID: xxk$xxk$|xk
                                                                                                                                                                                                                                                                          • API String ID: 269201875-4040884524
                                                                                                                                                                                                                                                                          • Opcode ID: 06d1d86711ae54c8be2bf9854ea4a2abc161f4d8da9bb236404ec9fad1ec1375
                                                                                                                                                                                                                                                                          • Instruction ID: 43cdc1a6075e2f74a4c10f38e49b220542add253ccc948238f6d489b1bb4d869
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 06d1d86711ae54c8be2bf9854ea4a2abc161f4d8da9bb236404ec9fad1ec1375
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F461E172900705AFDB20DF74D841BAAB7FAAF45312F205529ED46EB381EB70AD08CB50
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(006B742C,00000FA0,?,?,006387C5), ref: 006387F3
                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,006387C5), ref: 006387FE
                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,006387C5), ref: 0063880F
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00638821
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0063882F
                                                                                                                                                                                                                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,006387C5), ref: 00638852
                                                                                                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(006B742C,00000007,?,?,006387C5), ref: 00638875
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,006387C5), ref: 00638885
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • api-ms-win-core-synch-l1-2-0.dll, xrefs: 006387F9
                                                                                                                                                                                                                                                                          • SleepConditionVariableCS, xrefs: 0063881B
                                                                                                                                                                                                                                                                          • WakeAllConditionVariable, xrefs: 00638827
                                                                                                                                                                                                                                                                          • kernel32.dll, xrefs: 0063880A
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                                                                                                                          • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                          • API String ID: 2565136772-3242537097
                                                                                                                                                                                                                                                                          • Opcode ID: 979b7d4c3a140a8cf2a86b5a16a7c04ef52a0e4979224b5fc45423000be9f574
                                                                                                                                                                                                                                                                          • Instruction ID: d2bea5a9ab3925f49098bc510e9c33111fbba32fa4223529ac968d00ebe2407d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 979b7d4c3a140a8cf2a86b5a16a7c04ef52a0e4979224b5fc45423000be9f574
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C01D871A447116FDB206B74AC09AD63EDFFBC8B01F451560F90DE32A0DEB1C88087A1
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___free_lconv_mon.LIBCMT ref: 0065BC83
                                                                                                                                                                                                                                                                            • Part of subcall function 0065AFC7: _free.LIBCMT ref: 0065AFE4
                                                                                                                                                                                                                                                                            • Part of subcall function 0065AFC7: _free.LIBCMT ref: 0065AFF6
                                                                                                                                                                                                                                                                            • Part of subcall function 0065AFC7: _free.LIBCMT ref: 0065B008
                                                                                                                                                                                                                                                                            • Part of subcall function 0065AFC7: _free.LIBCMT ref: 0065B01A
                                                                                                                                                                                                                                                                            • Part of subcall function 0065AFC7: _free.LIBCMT ref: 0065B02C
                                                                                                                                                                                                                                                                            • Part of subcall function 0065AFC7: _free.LIBCMT ref: 0065B03E
                                                                                                                                                                                                                                                                            • Part of subcall function 0065AFC7: _free.LIBCMT ref: 0065B050
                                                                                                                                                                                                                                                                            • Part of subcall function 0065AFC7: _free.LIBCMT ref: 0065B062
                                                                                                                                                                                                                                                                            • Part of subcall function 0065AFC7: _free.LIBCMT ref: 0065B074
                                                                                                                                                                                                                                                                            • Part of subcall function 0065AFC7: _free.LIBCMT ref: 0065B086
                                                                                                                                                                                                                                                                            • Part of subcall function 0065AFC7: _free.LIBCMT ref: 0065B098
                                                                                                                                                                                                                                                                            • Part of subcall function 0065AFC7: _free.LIBCMT ref: 0065B0AA
                                                                                                                                                                                                                                                                            • Part of subcall function 0065AFC7: _free.LIBCMT ref: 0065B0BC
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065BC78
                                                                                                                                                                                                                                                                            • Part of subcall function 00652098: RtlFreeHeap.NTDLL(00000000,00000000,?,0065B729,?,00000000,?,?,?,0065B9CC,?,00000007,?,?,0065BDD6,?), ref: 006520AE
                                                                                                                                                                                                                                                                            • Part of subcall function 00652098: GetLastError.KERNEL32(?,?,0065B729,?,00000000,?,?,?,0065B9CC,?,00000007,?,?,0065BDD6,?,?), ref: 006520C0
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065BC9A
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065BCAF
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065BCBA
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065BCDC
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065BCEF
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065BCFD
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065BD08
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065BD40
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065BD47
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065BD64
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065BD7C
                                                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 161543041-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 005EBE2F
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 005EBE51
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 005EBE71
                                                                                                                                                                                                                                                                          • std::_Locinfo::~_Locinfo.LIBCPMT ref: 005EBFCD
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 005EBFDA
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 005EBFFC
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005EC01E
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005EC023
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005EC028
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Concurrency::cancel_current_task$Lockit::_Lockit::~_$Facet_LocinfoLocinfo::~_Register
                                                                                                                                                                                                                                                                          • String ID: false$true
                                                                                                                                                                                                                                                                          • API String ID: 2461315636-2658103896
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,0069A536,00000003), ref: 005F91C9
                                                                                                                                                                                                                                                                          • FindResourceW.KERNEL32(00000000,00000001,00000010), ref: 005F91DE
                                                                                                                                                                                                                                                                          • LoadResource.KERNEL32(00000000,00000000), ref: 005F91EE
                                                                                                                                                                                                                                                                          • LockResource.KERNEL32(00000000), ref: 005F91FD
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetOsVersion, xrefs: 005F927F, 005F9336
                                                                                                                                                                                                                                                                          • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp, xrefs: 005F9284, 005F933B
                                                                                                                                                                                                                                                                          • kernel32.dll, xrefs: 005F91B8
                                                                                                                                                                                                                                                                          • %d.%d.%d.%d, xrefs: 005F925E
                                                                                                                                                                                                                                                                          • Failed to retrieve kernel verison, xrefs: 005F932C
                                                                                                                                                                                                                                                                          • Failed to format version, xrefs: 005F9275
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Resource$FindHandleLoadLockModule
                                                                                                                                                                                                                                                                          • String ID: %d.%d.%d.%d$Failed to format version$Failed to retrieve kernel verison$NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetOsVersion$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp$kernel32.dll
                                                                                                                                                                                                                                                                          • API String ID: 3968257194-3470154288
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00625853
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00625866
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006258AB
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006258DF
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00625933
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00625946
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00625963
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00625980
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006259BD
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006259D0
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Makeushloc.LIBCPMT ref: 006259F8
                                                                                                                                                                                                                                                                            • Part of subcall function 005EC930: __Getctype.LIBCPMT ref: 005EC948
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Locimp::_std::locale::_$AddfacLocimp_$Lockitstd::_$GetctypeLockit::_Lockit::~_Makeushloc
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1462480416-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __Mtx_destroy_in_situ.LIBCPMT ref: 005D9C1A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • Wait failed: , xrefs: 005DA93F
                                                                                                                                                                                                                                                                          • Wait timeout. Should not have gotten this..., xrefs: 005DA86F
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Mtx_destroy_in_situ
                                                                                                                                                                                                                                                                          • String ID: Wait failed: $Wait timeout. Should not have gotten this...
                                                                                                                                                                                                                                                                          • API String ID: 3543493169-4232610396
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • IsInExceptionSpec.LIBVCRUNTIME ref: 0063C435
                                                                                                                                                                                                                                                                          • type_info::operator==.LIBVCRUNTIME ref: 0063C457
                                                                                                                                                                                                                                                                          • ___TypeMatch.LIBVCRUNTIME ref: 0063C566
                                                                                                                                                                                                                                                                          • IsInExceptionSpec.LIBVCRUNTIME ref: 0063C638
                                                                                                                                                                                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 0063C6BC
                                                                                                                                                                                                                                                                          • CallUnexpected.LIBVCRUNTIME ref: 0063C6D7
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                          • API String ID: 2123188842-393685449
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • DeviceIoControl.KERNEL32(EC80BF5C,9EDBA51C,00000000,00000000,00000000,00000000,?,00000000), ref: 005D69E9
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(EC80BF5C,?,?,00000000), ref: 005D69FB
                                                                                                                                                                                                                                                                          • DeviceIoControl.KERNEL32(00000000,9EDB651C,00000000,00000000,00000000,00000000,?,00000000), ref: 005D6A2A
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 005D6A3D
                                                                                                                                                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mfeaaca.dll,?), ref: 005D6A8B
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,NotComDllUnload), ref: 005D6A9E
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 005D6AB8
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Handle$CloseControlDevice$AddressFreeLibraryModuleProc
                                                                                                                                                                                                                                                                          • String ID: NotComDllUnload$mfeaaca.dll
                                                                                                                                                                                                                                                                          • API String ID: 2321898493-1077453148
                                                                                                                                                                                                                                                                          • Opcode ID: 74b9f814047137e1ac0557209d4b0edc254213b2c03a0c068f6a4ea2bbf5a10d
                                                                                                                                                                                                                                                                          • Instruction ID: c56a8143beeec70b405af13c6df6ea905de1d5559d4d1914166df172e9650ddc
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 74b9f814047137e1ac0557209d4b0edc254213b2c03a0c068f6a4ea2bbf5a10d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C33195713003019BDB249F28DC89F2A7B99BF48B20F14465AF959EB3D4DB71EC45CAA1
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • # SetAutoProxy: Can't get proxy. Err: %d, xrefs: 0061431E
                                                                                                                                                                                                                                                                          • NWebAdvisor::CHttpTransaction::SetAutoProxyUrl, xrefs: 00614388
                                                                                                                                                                                                                                                                          • # SetAutoProxyUrl: Can't get proxy. Err: %d, xrefs: 00614381
                                                                                                                                                                                                                                                                          • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpTransaction_sacore.cpp, xrefs: 0061432A, 0061438D, 006143DD
                                                                                                                                                                                                                                                                          • NWebAdvisor::CHttpTransaction::SetAutoProxy, xrefs: 00614325
                                                                                                                                                                                                                                                                          • Unable to set proxy option, error: %d, xrefs: 006143CE
                                                                                                                                                                                                                                                                          • NWebAdvisor::CHttpTransaction::Connect, xrefs: 006143D8
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast
                                                                                                                                                                                                                                                                          • String ID: # SetAutoProxy: Can't get proxy. Err: %d$# SetAutoProxyUrl: Can't get proxy. Err: %d$NWebAdvisor::CHttpTransaction::Connect$NWebAdvisor::CHttpTransaction::SetAutoProxy$NWebAdvisor::CHttpTransaction::SetAutoProxyUrl$Unable to set proxy option, error: %d$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpTransaction_sacore.cpp
                                                                                                                                                                                                                                                                          • API String ID: 1452528299-2881327693
                                                                                                                                                                                                                                                                          • Opcode ID: 0bbd3e157976cbb2d0a45c0b966a2b973fe3fb0748e2708cf3ddb1964b3d22da
                                                                                                                                                                                                                                                                          • Instruction ID: 88df29ac2221320d0129e133c0b02e01880c6e1f589f7749ac3dfbd6d5d3ba4c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0bbd3e157976cbb2d0a45c0b966a2b973fe3fb0748e2708cf3ddb1964b3d22da
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69416071A40309AFEB10DFA5CC45BEEB7F5EF18704F048119E914B7280DBB59994CBA5
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00651BA7
                                                                                                                                                                                                                                                                            • Part of subcall function 00652098: RtlFreeHeap.NTDLL(00000000,00000000,?,0065B729,?,00000000,?,?,?,0065B9CC,?,00000007,?,?,0065BDD6,?), ref: 006520AE
                                                                                                                                                                                                                                                                            • Part of subcall function 00652098: GetLastError.KERNEL32(?,?,0065B729,?,00000000,?,?,?,0065B9CC,?,00000007,?,?,0065BDD6,?,?), ref: 006520C0
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00651BB3
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00651BBE
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00651BC9
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00651BD4
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00651BDF
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00651BEA
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00651BF5
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00651C00
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00651C0E
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                                                          • Opcode ID: 904117da5f2566c38b3ee11cc3ce28426763c4ed4c87b2638ab8a17b297f2853
                                                                                                                                                                                                                                                                          • Instruction ID: 7f839f1d054fb439109cca8f4276cb5b01ba34a5265300bdd438b63ae1e93409
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 904117da5f2566c38b3ee11cc3ce28426763c4ed4c87b2638ab8a17b297f2853
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F421DC76900109BFCB41EFA4C891DDD7BBAFF09341F4045A9F915AB261EB31EA58CB84
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00631617
                                                                                                                                                                                                                                                                            • Part of subcall function 00627DF0: __EH_prolog3.LIBCMT ref: 00627DF7
                                                                                                                                                                                                                                                                            • Part of subcall function 00627DF0: std::_Lockit::_Lockit.LIBCPMT ref: 00627E01
                                                                                                                                                                                                                                                                            • Part of subcall function 00627DF0: std::_Lockit::~_Lockit.LIBCPMT ref: 00627E72
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: H_prolog3Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                                                          • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                                                                                          • API String ID: 1538362411-2891247106
                                                                                                                                                                                                                                                                          • Opcode ID: 8132fe042045ac7ea764e84579ea1bbee819d5ec92019776281c42fc68e5c77f
                                                                                                                                                                                                                                                                          • Instruction ID: 9bf513f274eb6a6c79ef7226d99758a45775f6e079333ec3078dc0509cff872d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8132fe042045ac7ea764e84579ea1bbee819d5ec92019776281c42fc68e5c77f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1B18F7190010AAFCF19DF68C9A5EFE7BBBFF16300F054119F902AA291D631DA11DBA5
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006319E7
                                                                                                                                                                                                                                                                            • Part of subcall function 005C32DE: __EH_prolog3_GS.LIBCMT ref: 005C32E5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C32DE: std::_Lockit::_Lockit.LIBCPMT ref: 005C32F2
                                                                                                                                                                                                                                                                            • Part of subcall function 005C32DE: std::_Lockit::~_Lockit.LIBCPMT ref: 005C3360
                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Lockitstd::_$H_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                                                                                                                          • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                                                                                          • API String ID: 2728201062-2891247106
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00636947
                                                                                                                                                                                                                                                                            • Part of subcall function 005EC960: std::_Lockit::_Lockit.LIBCPMT ref: 005EC995
                                                                                                                                                                                                                                                                            • Part of subcall function 005EC960: std::_Lockit::_Lockit.LIBCPMT ref: 005EC9B7
                                                                                                                                                                                                                                                                            • Part of subcall function 005EC960: std::_Lockit::~_Lockit.LIBCPMT ref: 005EC9D7
                                                                                                                                                                                                                                                                            • Part of subcall function 005EC960: std::_Lockit::~_Lockit.LIBCPMT ref: 005ECAB1
                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                                                                          • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                                                                                          • API String ID: 1383202999-2891247106
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,00000000,?,?,EC80BF5C,00000000), ref: 00610E20
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00610E2E
                                                                                                                                                                                                                                                                            • Part of subcall function 00610FA0: GetModuleHandleW.KERNEL32(kernel32.dll,EC80BF5C,000000FF,00000000,00000000,0066DF30,000000FF), ref: 00610FE8
                                                                                                                                                                                                                                                                            • Part of subcall function 00610FA0: GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 00610FF8
                                                                                                                                                                                                                                                                            • Part of subcall function 00610FA0: GetLastError.KERNEL32 ref: 00611058
                                                                                                                                                                                                                                                                            • Part of subcall function 005F8650: std::locale::_Init.LIBCPMT ref: 005F882F
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • NWebAdvisor::CCabParser::GetContentFile, xrefs: 00610D9B, 00610E3C
                                                                                                                                                                                                                                                                          • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 00610DA0, 00610E41, 00610F11
                                                                                                                                                                                                                                                                          • Unable to create desusertion directory (%d), xrefs: 00610D94
                                                                                                                                                                                                                                                                          • NWebAdvisor::CCabParser::LoadCabFile, xrefs: 00610F0C
                                                                                                                                                                                                                                                                          • CreateFile failed: %d, xrefs: 00610E35
                                                                                                                                                                                                                                                                          • Failed to load cab %s, xrefs: 00610F05
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$AddressCreateFileHandleInitModuleProcstd::locale::_
                                                                                                                                                                                                                                                                          • String ID: CreateFile failed: %d$Failed to load cab %s$NWebAdvisor::CCabParser::GetContentFile$NWebAdvisor::CCabParser::LoadCabFile$Unable to create desusertion directory (%d)$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
                                                                                                                                                                                                                                                                          • API String ID: 1808632809-3418505487
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CertGetCertificateContextProperty.CRYPT32(00000000,00000003,00000000,?), ref: 00621CB1
                                                                                                                                                                                                                                                                          • CertGetCertificateContextProperty.CRYPT32(00000000,00000003,00000000,?), ref: 00621CE5
                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CertCertificateContextProperty
                                                                                                                                                                                                                                                                          • String ID: 1.2.840.10045.4.1$1.2.840.10045.4.3$1.2.840.10045.4.3.2$1.2.840.10045.4.3.3$1.2.840.10045.4.3.4$MUSARUBRA US LLC
                                                                                                                                                                                                                                                                          • API String ID: 665277682-2910604786
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 0062DEA4
                                                                                                                                                                                                                                                                          • _Maklocstr.LIBCPMT ref: 0062DF0D
                                                                                                                                                                                                                                                                          • _Maklocstr.LIBCPMT ref: 0062DF1F
                                                                                                                                                                                                                                                                          • _Maklocchr.LIBCPMT ref: 0062DF37
                                                                                                                                                                                                                                                                          • _Maklocchr.LIBCPMT ref: 0062DF47
                                                                                                                                                                                                                                                                          • _Getvals.LIBCPMT ref: 0062DF69
                                                                                                                                                                                                                                                                            • Part of subcall function 0062760B: _Maklocchr.LIBCPMT ref: 0062763A
                                                                                                                                                                                                                                                                            • Part of subcall function 0062760B: _Maklocchr.LIBCPMT ref: 00627650
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Maklocchr$Maklocstr$GetvalsH_prolog3_
                                                                                                                                                                                                                                                                          • String ID: false$true
                                                                                                                                                                                                                                                                          • API String ID: 3549167292-2658103896
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 0062861D
                                                                                                                                                                                                                                                                          • numpunct.LIBCPMT ref: 00628661
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00628678
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00628698
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006286A5
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00628627
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                                                                                                                                                          • String ID: <sk$Hsk
                                                                                                                                                                                                                                                                          • API String ID: 3064348918-508583839
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CurrentThread$_xtime_get$Xtime_diff_to_millis2
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3943753294-0
                                                                                                                                                                                                                                                                          • Opcode ID: af62ac7be8bfbc4b6e96c7e1c7c1cd056fa52b6767dad51ac03a07f4c783bfaf
                                                                                                                                                                                                                                                                          • Instruction ID: 1927a7e14797976633702166c30518a47d38fa600244fda7421cfd540c7183c7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: af62ac7be8bfbc4b6e96c7e1c7c1cd056fa52b6767dad51ac03a07f4c783bfaf
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 00517C30A00A35CFCF10DF25E9859A977B6FF08710B1144AAE84AAB391D775EE84CF91
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CertGetCertificateContextProperty.CRYPT32(?,00000003,00000000,00000000), ref: 0060E877
                                                                                                                                                                                                                                                                          • CertGetCertificateContextProperty.CRYPT32(?,00000003,00000000,00000014), ref: 0060E8A9
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CertCertificateContextProperty
                                                                                                                                                                                                                                                                          • String ID: 1.2.840.10045.4.1$1.2.840.10045.4.3$1.2.840.10045.4.3.2$1.2.840.10045.4.3.3$1.2.840.10045.4.3.4
                                                                                                                                                                                                                                                                          • API String ID: 665277682-3196566809
                                                                                                                                                                                                                                                                          • Opcode ID: 6c198011b316d129de8ec5552e892799e07b1f775fd89fd7ee2670feecfd2bb6
                                                                                                                                                                                                                                                                          • Instruction ID: 519f628162375d5d126378d9b7954c66cfe74d8a636f0c4d379150bb57b403a3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6c198011b316d129de8ec5552e892799e07b1f775fd89fd7ee2670feecfd2bb6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19512971A402259BCF689F64D881BEBB7A7AF11320F0886ADDC55973D2D732ED00C790
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: z
                                                                                                                                                                                                                                                                          • API String ID: 0-1657960367
                                                                                                                                                                                                                                                                          • Opcode ID: 93b672e6977c4d7450ee54c57f2bcd1927dc33a7ec403c85f036e1b488ccfaa4
                                                                                                                                                                                                                                                                          • Instruction ID: 949048ceb229220334fa11c38233ae0afad1258468c920f7e6e63d042ce1e590
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93b672e6977c4d7450ee54c57f2bcd1927dc33a7ec403c85f036e1b488ccfaa4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0551D671E002499BEF14DB95CC46FEEBBB8FB48314F100569EA45A7281E775AE44CBA0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005D7D3D
                                                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 005D7DC8
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C9A12
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005D7DFC
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005D7EBB
                                                                                                                                                                                                                                                                            • Part of subcall function 005E4B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005E521E
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteConcurrency::cancel_current_taskInitializeMtx_unlock
                                                                                                                                                                                                                                                                          • String ID: Failed to add event category ($Service has not been initialized$V
                                                                                                                                                                                                                                                                          • API String ID: 342047005-375236208
                                                                                                                                                                                                                                                                          • Opcode ID: 034233086337661345b479655d0c161478d94f9efebb4325e28d80ab2bd70b2a
                                                                                                                                                                                                                                                                          • Instruction ID: 641e5df7e00a0cba5673137ae3243c8655a1850f7ed9e48804cdbcb6cb0729bc
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 034233086337661345b479655d0c161478d94f9efebb4325e28d80ab2bd70b2a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6D51B171904248DFDB14EFA4D85ABDE7BB5FF48304F5041AEE80697381EB359A08CB65
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,EC80BF5C,?,?), ref: 005DA531
                                                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 005DA73D
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DA7AC
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DA989
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$Mtx_unlockMultipleObjectsWait
                                                                                                                                                                                                                                                                          • String ID: Event string is empty$Unexpected return value: $`i
                                                                                                                                                                                                                                                                          • API String ID: 1703231451-2314398599
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C9A12
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DD8F5
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DDF0C
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteInitialize
                                                                                                                                                                                                                                                                          • String ID: Event Sender already initialized for Azure$Failed to encode url$`i$`i$~
                                                                                                                                                                                                                                                                          • API String ID: 1656330964-1909135126
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 005EBBE6
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 005EBC06
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 005EBC26
                                                                                                                                                                                                                                                                          • std::_Locinfo::~_Locinfo.LIBCPMT ref: 005EBCB4
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 005EBCC1
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 005EBCE3
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_LocinfoLocinfo::~_Register
                                                                                                                                                                                                                                                                          • String ID: ios_base::badbit set
                                                                                                                                                                                                                                                                          • API String ID: 2966223926-3882152299
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 0062820A
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00628214
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • moneypunct.LIBCPMT ref: 0062824E
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00628265
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00628285
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00628292
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                                          • String ID: `sk
                                                                                                                                                                                                                                                                          • API String ID: 3376033448-1776582871
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 0062829F
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006282A9
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • moneypunct.LIBCPMT ref: 006282E3
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006282FA
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0062831A
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00628327
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                                          • String ID: \sk
                                                                                                                                                                                                                                                                          • API String ID: 3376033448-1150655523
                                                                                                                                                                                                                                                                          • Opcode ID: d45575f85698ae266b33ba6957ea6a38fc1c26076d0202d8f901a0c4920e6ca6
                                                                                                                                                                                                                                                                          • Instruction ID: cde45a0694fdc1812b5f06c8420bd7c8cc65a9abaa0ea8f822f541197bec1689
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d45575f85698ae266b33ba6957ea6a38fc1c26076d0202d8f901a0c4920e6ca6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2701A17590052A9FCB04EBA4E805AAE7BB3BF84710F18050DE4116B3D1CF749E05CF94
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00628334
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0062833E
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • moneypunct.LIBCPMT ref: 00628378
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 0062838F
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006283AF
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006283BC
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                                          • String ID: 8sk
                                                                                                                                                                                                                                                                          • API String ID: 3376033448-189530079
                                                                                                                                                                                                                                                                          • Opcode ID: fbfdbb92f03fcb3c31d0f1cc73d8cb8d7404922f9cc218608c447b1761fb2b9c
                                                                                                                                                                                                                                                                          • Instruction ID: a0b207c989ac36a2ecc95feb170118e44dd08941ff5526063f53d7d2f3aa7c49
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fbfdbb92f03fcb3c31d0f1cc73d8cb8d7404922f9cc218608c447b1761fb2b9c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E01AD7590062A9FCB04EBA4D805AAE7BB3BF84710F24050CE811AB391CF749E069B95
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006283C9
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006283D3
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • moneypunct.LIBCPMT ref: 0062840D
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00628424
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00628444
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00628451
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                                          • String ID: 4sk
                                                                                                                                                                                                                                                                          • API String ID: 3376033448-38864571
                                                                                                                                                                                                                                                                          • Opcode ID: c601bb45cd02168c7ab0f4eb6f4359de3f15d302c79866356f469b1627297b5f
                                                                                                                                                                                                                                                                          • Instruction ID: 7033a6a05b50914f47fb4275e4644641eaf69dd769971e490c3b68a990692300
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c601bb45cd02168c7ab0f4eb6f4359de3f15d302c79866356f469b1627297b5f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C01AD7590063A9FCB04EBA4D805AAE7BB7BF94310F24050CF812AB381DF749E058B95
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00627CCD
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00627CD7
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • collate.LIBCPMT ref: 00627D11
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00627D28
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00627D48
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00627D55
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                                                                                                                                                          • String ID: Lsk
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00627D62
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00627D6C
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • collate.LIBCPMT ref: 00627DA6
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00627DBD
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00627DDD
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00627DEA
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                                                                                                                                                          • String ID: $sk
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00627E8C
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00627E96
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • messages.LIBCPMT ref: 00627ED0
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00627EE7
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00627F07
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00627F14
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                                                                                                                                                          • String ID: Psk
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00627F21
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00627F2B
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • messages.LIBCPMT ref: 00627F65
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00627F7C
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00627F9C
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00627FA9
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                                                                                                                                                          • String ID: (sk
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::locale::_Init.LIBCPMT ref: 0060C641
                                                                                                                                                                                                                                                                            • Part of subcall function 00623084: __EH_prolog3.LIBCMT ref: 0062308B
                                                                                                                                                                                                                                                                            • Part of subcall function 00623084: std::_Lockit::_Lockit.LIBCPMT ref: 00623096
                                                                                                                                                                                                                                                                            • Part of subcall function 00623084: std::locale::_Setgloballocale.LIBCPMT ref: 006230B1
                                                                                                                                                                                                                                                                            • Part of subcall function 00623084: std::_Lockit::~_Lockit.LIBCPMT ref: 00623107
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0060C6CB
                                                                                                                                                                                                                                                                          • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0060C713
                                                                                                                                                                                                                                                                          • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0060C748
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0060C7DD
                                                                                                                                                                                                                                                                            • Part of subcall function 0063E960: _free.LIBCMT ref: 0063E973
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0060C82B
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0060C84C
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0060C85B
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_std::locale::_$Locinfo::_$AddfacH_prolog3InitLocimp::_Locimp_Locinfo_ctorLocinfo_dtorSetgloballocale_free
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3887427400-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$___from_strstr_to_strchr
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3409252457-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 0063987E: EnterCriticalSection.KERNEL32(006B77A0,?,00000001,?,005E86A7,00000000,?,00000001,?,00000000,?,?,005EC338,-00000010), ref: 00639889
                                                                                                                                                                                                                                                                            • Part of subcall function 0063987E: LeaveCriticalSection.KERNEL32(006B77A0,?,005E86A7,00000000,?,00000001,?,00000000,?,?,005EC338,-00000010,?,?,?,EC80BF5C), ref: 006398B5
                                                                                                                                                                                                                                                                          • FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000), ref: 005E86D6
                                                                                                                                                                                                                                                                          • LoadResource.KERNEL32(00000000,00000000), ref: 005E86E4
                                                                                                                                                                                                                                                                          • LockResource.KERNEL32(00000000), ref: 005E86EF
                                                                                                                                                                                                                                                                          • SizeofResource.KERNEL32(00000000,00000000), ref: 005E86FD
                                                                                                                                                                                                                                                                          • FindResourceW.KERNEL32(00000000,?,00000006), ref: 005E8764
                                                                                                                                                                                                                                                                          • LoadResource.KERNEL32(00000000,00000000), ref: 005E8776
                                                                                                                                                                                                                                                                          • LockResource.KERNEL32(00000000), ref: 005E8785
                                                                                                                                                                                                                                                                          • SizeofResource.KERNEL32(00000000,00000000), ref: 005E8797
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Resource$CriticalFindLoadLockSectionSizeof$EnterLeave
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 506522749-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00654E01), ref: 00651CAE
                                                                                                                                                                                                                                                                            • Part of subcall function 00651CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00651D4C
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00650B8A
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00650BA3
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00650BE1
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00650BEA
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00650BF6
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$ErrorLast
                                                                                                                                                                                                                                                                          • String ID: C
                                                                                                                                                                                                                                                                          • API String ID: 3291180501-1037565863
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • InitOnceBeginInitialize.KERNEL32(006B823C,00000000,?,00000000,?,?,?,?,00000000,00000000,?,EC80BF5C,?,?), ref: 005E125A
                                                                                                                                                                                                                                                                          • InitOnceComplete.KERNEL32(006B823C,00000000,00000000), ref: 005E1278
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • [%S:(%d)][%S] Error trying to BCryptOpenAlgorithmProvider: %ls, xrefs: 005E13E3
                                                                                                                                                                                                                                                                          • McCryptoLib::CMcCryptoHMACWin::Initialize, xrefs: 005E12EC, 005E13D7
                                                                                                                                                                                                                                                                          • [%S:(%d)][%S] Failed to create HMAC traits., xrefs: 005E12F8
                                                                                                                                                                                                                                                                          • C:\non_system\Code\McCryptoLib\src\windows\win_hmac.cpp, xrefs: 005E12F3, 005E13DE
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InitOnce$BeginCompleteInitialize
                                                                                                                                                                                                                                                                          • String ID: C:\non_system\Code\McCryptoLib\src\windows\win_hmac.cpp$McCryptoLib::CMcCryptoHMACWin::Initialize$[%S:(%d)][%S] Error trying to BCryptOpenAlgorithmProvider: %ls$[%S:(%d)][%S] Failed to create HMAC traits.
                                                                                                                                                                                                                                                                          • API String ID: 51270584-3897904871
                                                                                                                                                                                                                                                                          • Opcode ID: 5e24e47e9a0d9a86ea9452429d3ab183c0b6e47c2c96d4fa5ad14afd637dc6b5
                                                                                                                                                                                                                                                                          • Instruction ID: 2b2f5e4497fe9b951ddf79cceb5dda9bfaf95f47f371ef057ee8cf7a242e6c16
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e24e47e9a0d9a86ea9452429d3ab183c0b6e47c2c96d4fa5ad14afd637dc6b5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EF51B1717047469FDB08EF69DC42B6E7BA5BF98700F04052EF949D7281DA31D904CB9A
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00601DBB
                                                                                                                                                                                                                                                                          • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00601E03
                                                                                                                                                                                                                                                                          • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00601E38
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00601ECD
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00601F1B
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00601F3C
                                                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00601F4B
                                                                                                                                                                                                                                                                            • Part of subcall function 0063E960: _free.LIBCMT ref: 0063E973
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Locinfo::_Lockit::_Lockit::~_$AddfacLocimp::_Locimp_Locinfo_ctorLocinfo_dtor_freestd::locale::_
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2317827675-0
                                                                                                                                                                                                                                                                          • Opcode ID: 6e3ed53b8edd3e861cb5bfcbeecf12536314fbd4caeceb7e60a2598c9ef5f179
                                                                                                                                                                                                                                                                          • Instruction ID: 724475db4103e3a058b888cd53cdc1d31b6d07819ef38fb746c0897ec6d60397
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e3ed53b8edd3e861cb5bfcbeecf12536314fbd4caeceb7e60a2598c9ef5f179
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C71BEB0E002459FEB14DFA4D845BAEBBF6AF05304F044119E805AB392EB75EA44CB91
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: 0.0.0.0$UUID$UUID$Version$kernel32.dll
                                                                                                                                                                                                                                                                          • API String ID: 0-1483847951
                                                                                                                                                                                                                                                                          • Opcode ID: 26450da936a1def305d4db737c78102eaa41173e170db9ac0604cec72bf5abfb
                                                                                                                                                                                                                                                                          • Instruction ID: 5335137335117ec4dc5bce833d352f1f88aaf3bfd15a07824233f0b12756dc23
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26450da936a1def305d4db737c78102eaa41173e170db9ac0604cec72bf5abfb
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 71817770904789CBEB28CFA8C9487DDBFB6BF45304F204259D464AB792E7794A48CB51
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 0063BE37
                                                                                                                                                                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 0063BE3F
                                                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 0063BEC8
                                                                                                                                                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 0063BEF3
                                                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 0063BF48
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                                                                          • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                          • Opcode ID: 7261e493ec9c31f26cfea5437587b26f3a6a0c934a6af725e508fa7e1bed11cd
                                                                                                                                                                                                                                                                          • Instruction ID: 624243e510b78ec0eb6244de7402ef6ba3bff5abcab08d9f1c2ea1a61db3def5
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7261e493ec9c31f26cfea5437587b26f3a6a0c934a6af725e508fa7e1bed11cd
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BA41B134A00208AFCF10EF68D880ADEBBB7AF45364F149159EA149B392D7319E15CFD1
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 005EC995
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 005EC9B7
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 005EC9D7
                                                                                                                                                                                                                                                                          • __Getctype.LIBCPMT ref: 005ECA70
                                                                                                                                                                                                                                                                          • std::_Locinfo::~_Locinfo.LIBCPMT ref: 005ECA82
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 005ECA8F
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 005ECAB1
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeLocinfoLocinfo::~_Register
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3947131827-0
                                                                                                                                                                                                                                                                          • Opcode ID: 647148ff9202117fdc1ce7cb832535ddbe74a794989bf984c756b2464f87ed5e
                                                                                                                                                                                                                                                                          • Instruction ID: 9b23c9fada59a477f110dd2c9286f9e2073e530036f59a9e555185c4b662cdbe
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 647148ff9202117fdc1ce7cb832535ddbe74a794989bf984c756b2464f87ed5e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A41CE71900299CFCB14DF59D841AAEBBB6FF44314F10416DE84AAB392DB34EA46CB81
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C9A12
                                                                                                                                                                                                                                                                          • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,EC80BF5C,?,?), ref: 005DA531
                                                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 005DA58B
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DA989
                                                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 005DA99D
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • Unexpected return value: , xrefs: 005DA8CC
                                                                                                                                                                                                                                                                          • Thread signalled when event queue is empty, xrefs: 005DA614
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InitIos_base_dtorMtx_unlockOncestd::ios_base::_$BeginCompleteInitializeMultipleObjectsWait
                                                                                                                                                                                                                                                                          • String ID: Thread signalled when event queue is empty$Unexpected return value:
                                                                                                                                                                                                                                                                          • API String ID: 3324347728-3645029203
                                                                                                                                                                                                                                                                          • Opcode ID: cb254c92d734fd5c6e021d274e1512f6e75245cf938a359d7e90038342cec4e1
                                                                                                                                                                                                                                                                          • Instruction ID: 30db1620cf6c25fec87e23b0d044d08c186dea740b4aa444ecfc6e6b0d717892
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cb254c92d734fd5c6e021d274e1512f6e75245cf938a359d7e90038342cec4e1
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3941DEB0C00219DAEF24DFA4D849BDEBB7ABF50314F10429AE40567381EB745A89CF52
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                          • API String ID: 0-537541572
                                                                                                                                                                                                                                                                          • Opcode ID: dbb61e8d5f47821f220168f0ecb45a06e68dd83cdbc9e9009164abca16fc10ac
                                                                                                                                                                                                                                                                          • Instruction ID: 1fc6617aadce3875d6b8242f371941602a054dda2bf6e584794fd5aec94b3507
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dbb61e8d5f47821f220168f0ecb45a06e68dd83cdbc9e9009164abca16fc10ac
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CD212771A05621BBCB318B64DC40AAA37AB9B1576AF1112D0FC16A73D1DE31DD89C5F0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 0065B6FF: _free.LIBCMT ref: 0065B724
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065BA01
                                                                                                                                                                                                                                                                            • Part of subcall function 00652098: RtlFreeHeap.NTDLL(00000000,00000000,?,0065B729,?,00000000,?,?,?,0065B9CC,?,00000007,?,?,0065BDD6,?), ref: 006520AE
                                                                                                                                                                                                                                                                            • Part of subcall function 00652098: GetLastError.KERNEL32(?,?,0065B729,?,00000000,?,?,?,0065B9CC,?,00000007,?,?,0065BDD6,?,?), ref: 006520C0
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065BA0C
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065BA17
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065BA6B
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065BA76
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065BA81
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065BA8C
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                                                          • Opcode ID: c22744a6882dbffdb4525d9527ade6ae6b6bf27445b1f441715d8059192af9a9
                                                                                                                                                                                                                                                                          • Instruction ID: a579ffabe7a4e53f63dc2672e02088c7d7107bad69c2035fa859b4c97544b410
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c22744a6882dbffdb4525d9527ade6ae6b6bf27445b1f441715d8059192af9a9
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FF11B131542F45AAD5B0BBB1CC07FCB779E9F01702F40181CBAAE66192EB74B41D8648
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 0062804B
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00628055
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006280A6
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006280C6
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006280D3
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                                          • String ID: ,sk
                                                                                                                                                                                                                                                                          • API String ID: 55977855-275051635
                                                                                                                                                                                                                                                                          • Opcode ID: 1111e8e2d8236718da9a31c91f999a9d724c5344f1008d749029b6059761f9d7
                                                                                                                                                                                                                                                                          • Instruction ID: cb9e95b9e5171b995ada7ad0a06687e725e60de2c788b6d44b44f5434bbf1a51
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1111e8e2d8236718da9a31c91f999a9d724c5344f1008d749029b6059761f9d7
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BA01A1759006299FCB05EBA4E845AAE7BB3BF94710F28010CE4116B3C1CF759A498B94
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006280E0
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006280EA
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 0062813B
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0062815B
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00628168
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                                          • String ID: Xsk
                                                                                                                                                                                                                                                                          • API String ID: 55977855-1134310655
                                                                                                                                                                                                                                                                          • Opcode ID: 83888561387c2684d8ecd715496746e9241c8105d1ad2d79bd0d3c3983d32d87
                                                                                                                                                                                                                                                                          • Instruction ID: ad92638bf9fecb33e21ece44b81a41a13698daa6993ffea63a6be53bb86da5e8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 83888561387c2684d8ecd715496746e9241c8105d1ad2d79bd0d3c3983d32d87
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1601A17590062A9FCB05EBA4E849AEE7BB3BF94710F24050CE4116B3C1CF749A458F94
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00628175
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0062817F
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006281D0
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006281F0
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006281FD
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                                          • String ID: 0sk
                                                                                                                                                                                                                                                                          • API String ID: 55977855-89697895
                                                                                                                                                                                                                                                                          • Opcode ID: e15ea11970b4b2c9fd089220de185d4e03e1174f959f9dc4a20d733b14ac4bf0
                                                                                                                                                                                                                                                                          • Instruction ID: 6261467daf1024835d8d9d399333feb2a26e2dd352061ce626d6841c665f329c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e15ea11970b4b2c9fd089220de185d4e03e1174f959f9dc4a20d733b14ac4bf0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A401A1759006269FCB04EBA4D805AAD7BB7BF94310F24450DE811AB3D1CF749E068F94
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 0062845E
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00628468
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006284B9
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006284D9
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006284E6
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                                          • String ID: @sk
                                                                                                                                                                                                                                                                          • API String ID: 55977855-1370080823
                                                                                                                                                                                                                                                                          • Opcode ID: 862197f38e8fc6c8c6c976d9f40b02bd3ee34b04e0300eb1d770b2885885b362
                                                                                                                                                                                                                                                                          • Instruction ID: 6178cb70e9a4213fead21af1e834a374ca5a54851ea919844bd9c9872e9351e4
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 862197f38e8fc6c8c6c976d9f40b02bd3ee34b04e0300eb1d770b2885885b362
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B601AD7590062A9FCB05FBA4D805AAE7BB3BF94720F24050CF412AB382DF749A05CF94
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006284F3
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006284FD
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 0062854E
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0062856E
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0062857B
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                                          • String ID: sk
                                                                                                                                                                                                                                                                          • API String ID: 55977855-427691287
                                                                                                                                                                                                                                                                          • Opcode ID: fb3264d9b169c5725cf6e8d66086811b1433625244580a5847eb43ea60d7b73e
                                                                                                                                                                                                                                                                          • Instruction ID: 6f476faacc11d691252d9b8593ef4ce80b7e26a7a6b59dbc32900af67829b29a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb3264d9b169c5725cf6e8d66086811b1433625244580a5847eb43ea60d7b73e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C701A175900A369FCB04EBA4E805AAE7BB3BF84320F24450DE411AB391CF749A058F95
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00628588
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00628592
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006285E3
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00628603
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00628610
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                                          • String ID: Dsk
                                                                                                                                                                                                                                                                          • API String ID: 55977855-1453354731
                                                                                                                                                                                                                                                                          • Opcode ID: 29eaa9fa9248d72a113aff945fa70fe97b408bf23326c33061e226be1c392ff8
                                                                                                                                                                                                                                                                          • Instruction ID: 18349d525164d3fe22865ea33100ac18805e5e3de76be38e1897be72a8b33dbd
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 29eaa9fa9248d72a113aff945fa70fe97b408bf23326c33061e226be1c392ff8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8301C07590062A9FCB44EFA4D805AEE7BB3BF94720F24054DF411AB381CF749A058F95
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006286B2
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006286BC
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 0062870D
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0062872D
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0062873A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                                          • String ID: dsk
                                                                                                                                                                                                                                                                          • API String ID: 55977855-1861036043
                                                                                                                                                                                                                                                                          • Opcode ID: 1c96991e484bbbe3f2737dc83aa6cfb6a7d181628355ffcc5017462ab8bbf0d4
                                                                                                                                                                                                                                                                          • Instruction ID: 0b177873ed19e40d51b1d572f503725701181a38e371631bc0a8b8f802b79db9
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c96991e484bbbe3f2737dc83aa6cfb6a7d181628355ffcc5017462ab8bbf0d4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D001C075904A2A9FCB05EBA4D805AEEBBB3BF94310F24014CF811AB381DF749E058F94
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006287DC
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006287E6
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00628837
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00628857
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00628864
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                                          • String ID: hsk
                                                                                                                                                                                                                                                                          • API String ID: 55977855-1744294255
                                                                                                                                                                                                                                                                          • Opcode ID: a58642b66b2f1ef9b221eea9d2686a12609a5aed6711cf3829e22cb4ec1048c5
                                                                                                                                                                                                                                                                          • Instruction ID: 090d67f4fab57e221e88d4a7efbfb1ddb2359d232990efed32dc86a64b09f896
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a58642b66b2f1ef9b221eea9d2686a12609a5aed6711cf3829e22cb4ec1048c5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C801A1759006269FCB44EBA4E805AEE7BB3BF94710F24450DE4116B381CF789A458F94
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00627FB6
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00627FC0
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00628011
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00628031
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0062803E
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                                          • String ID: Tsk
                                                                                                                                                                                                                                                                          • API String ID: 55977855-1250348443
                                                                                                                                                                                                                                                                          • Opcode ID: bbed5b228a6ce0a8aa922ba8b7e186f792822f516d187664812e738fe9ad9d4d
                                                                                                                                                                                                                                                                          • Instruction ID: c1f144bd08c52ea2386b0b45cf3b302b22c2caf8fdda6fc5d667c94d80512c30
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bbed5b228a6ce0a8aa922ba8b7e186f792822f516d187664812e738fe9ad9d4d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6301C47590452A9FCB05EBA4E805AEE7BB3BF84710F14050DF4116B381CFB49E058F94
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(006B742C,?,?,005D4086,006B827C,006768E0,?), ref: 006388BA
                                                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(006B742C,?,?,005D4086,006B827C,006768E0,?), ref: 006388ED
                                                                                                                                                                                                                                                                          • RtlWakeAllConditionVariable.NTDLL ref: 00638964
                                                                                                                                                                                                                                                                          • SetEvent.KERNEL32(?,005D4086,006B827C,006768E0,?), ref: 0063896E
                                                                                                                                                                                                                                                                          • ResetEvent.KERNEL32(?,005D4086,006B827C,006768E0,?), ref: 0063897A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
                                                                                                                                                                                                                                                                          • String ID: ,tk
                                                                                                                                                                                                                                                                          • API String ID: 3916383385-1596285620
                                                                                                                                                                                                                                                                          • Opcode ID: 70fb51e12280b5aa32bc822faf0cbaaf6852868ff97f4376c522c162ff5e72e8
                                                                                                                                                                                                                                                                          • Instruction ID: d190d3246a7fbabec7935e5c64497e66f5e61db33253c6bda5a0b76aebec2f17
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 70fb51e12280b5aa32bc822faf0cbaaf6852868ff97f4376c522c162ff5e72e8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 240146B1614120DFC708AF28FC489997BABEB8E72270161AAF805D3361CB316891DF91
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetConsoleCP.KERNEL32(?,005F860A,00000000), ref: 006557B5
                                                                                                                                                                                                                                                                          • __fassign.LIBCMT ref: 00655994
                                                                                                                                                                                                                                                                          • __fassign.LIBCMT ref: 006559B1
                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,005F860A,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 006559F9
                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00655A39
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00655AE5
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4031098158-0
                                                                                                                                                                                                                                                                          • Opcode ID: 93c3051a5e50d42662829dad0fbd9b38907fdd02279f8a6690dd8713827ab1e8
                                                                                                                                                                                                                                                                          • Instruction ID: 3a1d8eda621277a9391dc896a7c22d5c38e1afc39b9c9018343861bfc2a84d47
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93c3051a5e50d42662829dad0fbd9b38907fdd02279f8a6690dd8713827ab1e8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 12D1BC71D006599FCF15CFA8C8949EDBBB6BF48314F28016AE856FB342D731A94ACB50
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCPInfo.KERNEL32(?,?,?,?,?), ref: 00638128
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 006381B6
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00638228
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00638242
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 006382A5
                                                                                                                                                                                                                                                                          • CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 006382C2
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$CompareInfoString
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2984826149-0
                                                                                                                                                                                                                                                                          • Opcode ID: 958eaa288d3a2cf2a53c3c638216fb2fa1bfa03850681fa1fb774f34cad635e2
                                                                                                                                                                                                                                                                          • Instruction ID: 924c55fbf646bd419991811ec79460f015dfb08b72902675c2db61fdfd33d3a1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 958eaa288d3a2cf2a53c3c638216fb2fa1bfa03850681fa1fb774f34cad635e2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8071687290070AAFDF218EA4CC41AEF7BBBAF49354F280159F815A7251DB358A45CBE4
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 00602319
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00602369
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                                                                                                          • String ID: XML hound handler failed.$_=nil}$h|oh
                                                                                                                                                                                                                                                                          • API String ID: 3664257935-537813966
                                                                                                                                                                                                                                                                          • Opcode ID: f1f7f6a9dfd79385916fc4d91d7345404ad8b04286a022397482e00dcd195142
                                                                                                                                                                                                                                                                          • Instruction ID: 8f1b925037bb2c6fb45c16cf840b86f274f34fdb67f9183a0786335f54f5a304
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f1f7f6a9dfd79385916fc4d91d7345404ad8b04286a022397482e00dcd195142
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16F1D37190020AAFDB28DFA8CC59BAEBBF6FF44304F14855DE409A72D1D774A984CB94
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00626901
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 0062696C
                                                                                                                                                                                                                                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00626989
                                                                                                                                                                                                                                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 006269C8
                                                                                                                                                                                                                                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00626A27
                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00626A4A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiStringWide
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2829165498-0
                                                                                                                                                                                                                                                                          • Opcode ID: 83bf6b9e620ab24e3919510427473fad2834dd5f52bd4b4ef354da660b6a223e
                                                                                                                                                                                                                                                                          • Instruction ID: e594746de7c7294d8a2ddcbdb7476b42fcb20a5d3e5f3e6fc666ea99ea8c0c82
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 83bf6b9e620ab24e3919510427473fad2834dd5f52bd4b4ef354da660b6a223e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA51B172900626AFDF209F64EC41FEA7BABEB44750F248429F914A6250DB31DD54CF60
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,EC80BF5C), ref: 005EE00F
                                                                                                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,00000014,00000001,?,?,?,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005EE073
                                                                                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,00000001), ref: 005EE104
                                                                                                                                                                                                                                                                          • LocalFree.KERNEL32(?,00000001,?,?,?,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 005EE112
                                                                                                                                                                                                                                                                          • FreeSid.ADVAPI32(00000000,00000001,?,?,?,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 005EE11D
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000001,?,00000000), ref: 005CE7D7
                                                                                                                                                                                                                                                                          • GetSecurityDescriptorDacl.ADVAPI32(00000000,00000000,00000000,?), ref: 005CE811
                                                                                                                                                                                                                                                                          • SetNamedSecurityInfoW.ADVAPI32(00000000,00000001,00000004,00000000,00000000,00000000,00000000,?), ref: 005CE86D
                                                                                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000), ref: 005CE8C7
                                                                                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000), ref: 005CE8DC
                                                                                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000), ref: 005CE917
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 005C8D46
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 005C8D66
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 005C8D86
                                                                                                                                                                                                                                                                          • std::_Locinfo::~_Locinfo.LIBCPMT ref: 005C8E57
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 005C8E64
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 005C8E86
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 005D3435
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 005D3457
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 005D3477
                                                                                                                                                                                                                                                                          • std::_Locinfo::~_Locinfo.LIBCPMT ref: 005D353A
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 005D3547
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 005D3569
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 005C32E5
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 005C32F2
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 005C3340
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 005C3360
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005C336D
                                                                                                                                                                                                                                                                          • __Towlower.LIBCPMT ref: 005C3388
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3_RegisterTowlower
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2111902878-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,0063BFC1,0063A1CC,006395E4), ref: 0063BFD8
                                                                                                                                                                                                                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0063BFE6
                                                                                                                                                                                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0063BFFF
                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,0063BFC1,0063A1CC,006395E4), ref: 0063C051
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00624362
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0062436C
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • codecvt.LIBCPMT ref: 006243A6
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006243BD
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006243DD
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006243EA
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2133458128-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 0063447C
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00634486
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • collate.LIBCPMT ref: 006344C0
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006344D7
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006344F7
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00634504
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1767075461-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00634511
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0063451B
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • messages.LIBCPMT ref: 00634555
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 0063456C
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0063458C
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00634599
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 958335874-0
                                                                                                                                                                                                                                                                          • Opcode ID: 54f0371356ac865a935b57be88560cafa5318bcd9be0604001fca88a9fc6306f
                                                                                                                                                                                                                                                                          • Instruction ID: 2ce6e96f59dd10ad46eb5da8759c9191e3566a08a2c39f9875da43215157279c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 54f0371356ac865a935b57be88560cafa5318bcd9be0604001fca88a9fc6306f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D01C07591022A9FCB04EBA4D845AEEBBB7BF84320F24050DF411AB381CF74AE058BD4
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006346D0
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006346DA
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • moneypunct.LIBCPMT ref: 00634714
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 0063472B
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0063474B
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00634758
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3376033448-0
                                                                                                                                                                                                                                                                          • Opcode ID: 5791061d96643529fe97e2aced7468da7ad5b172e13842d6af0ce0a647009cfb
                                                                                                                                                                                                                                                                          • Instruction ID: f08381a366da1ce11ca58f52687f68261c7fe918aecbba30f440f206b3aaee71
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5791061d96643529fe97e2aced7468da7ad5b172e13842d6af0ce0a647009cfb
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4901C47590022A9FCB04EBA4C845ABEBBB7BF94310F15014CF4216B391CF74AE05CB94
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00634765
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0063476F
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • moneypunct.LIBCPMT ref: 006347A9
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006347C0
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006347E0
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006347ED
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3376033448-0
                                                                                                                                                                                                                                                                          • Opcode ID: 9e86f11afb74503fa3db6e5827fa184fb6729240594edf081c58f01ca48a8cba
                                                                                                                                                                                                                                                                          • Instruction ID: b03faf19e812c96c068e82ca489709314abf3828c587803ffe630a0fe5530f88
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e86f11afb74503fa3db6e5827fa184fb6729240594edf081c58f01ca48a8cba
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F01C07591022A9FCB04EFA4D845AAEBBB3BF94724F24050CF411AB391CF74AA05CBD4
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00627C38
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00627C42
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • codecvt.LIBCPMT ref: 00627C7C
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00627C93
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00627CB3
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00627CC0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2133458128-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00627DF7
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00627E01
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • ctype.LIBCPMT ref: 00627E3B
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00627E52
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00627E72
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00627E7F
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registerctype
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2958136301-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005EC546
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005EC54B
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005EC550
                                                                                                                                                                                                                                                                            • Part of subcall function 0063E960: _free.LIBCMT ref: 0063E973
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_task$_free
                                                                                                                                                                                                                                                                          • String ID: false$true
                                                                                                                                                                                                                                                                          • API String ID: 149343396-2658103896
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Mpunct$GetvalsH_prolog3
                                                                                                                                                                                                                                                                          • String ID: $+xv
                                                                                                                                                                                                                                                                          • API String ID: 2204710431-1686923651
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F4,?,?), ref: 00646016
                                                                                                                                                                                                                                                                          • GetFileType.KERNEL32(00000000), ref: 00646028
                                                                                                                                                                                                                                                                          • swprintf.LIBCMT ref: 00646049
                                                                                                                                                                                                                                                                          • WriteConsoleW.KERNEL32(00000000,?,?,?,00000000), ref: 00646086
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • Assertion failed: %Ts, file %Ts, line %d, xrefs: 0064603E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ConsoleFileHandleTypeWriteswprintf
                                                                                                                                                                                                                                                                          • String ID: Assertion failed: %Ts, file %Ts, line %d
                                                                                                                                                                                                                                                                          • API String ID: 2943507729-1719349581
                                                                                                                                                                                                                                                                          • Opcode ID: fdf516b2a388e0e21870fe76eec360eea9aeb1209a27ae3ddc44c5477d5dfbd8
                                                                                                                                                                                                                                                                          • Instruction ID: ca2498f38149cbf20a101f650bb01a7e932940faadb12e1c33ddfc4819dae14c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fdf516b2a388e0e21870fe76eec360eea9aeb1209a27ae3ddc44c5477d5dfbd8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CE112B71900118ABDB249B39CD45BEF73AFDF46714F40465CF91A93181EA30BE498B65
APIs
• FreeLibrary.KERNEL32(00000000,?,?,?,0063D278,?,?,006B77FC,00000000,?,0063D3A3,00000004,InitializeCriticalSectionEx,0069013C,00690144,00000000), ref: 0063D247
Strings
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
Similarity
• API ID: FreeLibrary
• String ID: api-ms-
• API String ID: 3664257935-2084034818
• Opcode ID: 2694e1737668e9caa381c9a0857a65e1d1923379ef77507e1939cd7fe63ce517
• Instruction ID: 9fa05dc0bb0313c7d58306a86dc952404f16876592bc44e0221e93c5f787563f
• Opcode Fuzzy Hash: 2694e1737668e9caa381c9a0857a65e1d1923379ef77507e1939cd7fe63ce517
• Instruction Fuzzy Hash: BC11E931A41221ABDB228B68BC41B9B37A6AF05760F150260FE05E73C0D770EE04C6E1
APIs
• GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 005EE172
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 005EE182
• RegDeleteKeyW.ADVAPI32(00000000,?), ref: 005EE1C2
Strings
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
Similarity
• API ID: AddressDeleteHandleModuleProc
• String ID: Advapi32.dll$RegDeleteKeyExW
• API String ID: 588496660-2191092095
• Opcode ID: a590bcfc32b3fd9b0ab442191ea3297256197d1ab622a1851e28811a04b58572
• Instruction ID: 6db1abddd3190469eadcb741793f66b42474c58cf087a0ae3abb2012ceae97a9
• Opcode Fuzzy Hash: a590bcfc32b3fd9b0ab442191ea3297256197d1ab622a1851e28811a04b58572
• Instruction Fuzzy Hash: CC01D8B56183409AD3288B9BFC06B627FABF790B21F04512AF148C2160C3F6E4D1DB20
APIs
• GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,EC80BF5C), ref: 005EF989
• GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 005EF9A9
Strings
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: IsWow64Process$kernel32
• API String ID: 1646373207-3789238822
• Opcode ID: 1a4f27e8bf85a0da7ac7d8f773df86c33e2f1e8a9ffdd0748e9c593b33dcabfa
• Instruction ID: 97b183820193ec29c1bce29cf380eb400a7274823b86a64501582d140a8d300c
• Opcode Fuzzy Hash: 1a4f27e8bf85a0da7ac7d8f773df86c33e2f1e8a9ffdd0748e9c593b33dcabfa
• Instruction Fuzzy Hash: 3DF0A472A00218AFCB14DF65DC05B9A7BACFB15351F0041A6FC48C7240DA729D50CBE1
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00611210
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0061121A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • WriteFile failed: %d, xrefs: 00611221
                                                                                                                                                                                                                                                                          • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 0061122D
                                                                                                                                                                                                                                                                          • NWebAdvisor::CCabParser::Write, xrefs: 00611228
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                                          • String ID: NWebAdvisor::CCabParser::Write$WriteFile failed: %d$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
                                                                                                                                                                                                                                                                          • API String ID: 442123175-2264278858
                                                                                                                                                                                                                                                                          • Opcode ID: 90cefffafd25dbeadec5bb18dcbd323f22f0c8e1b714b77a2a8813fdea1fba11
                                                                                                                                                                                                                                                                          • Instruction ID: c532a35f6db0cf6395854719c8f59a662ff24f76765065a6a433c0019038e4aa
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 90cefffafd25dbeadec5bb18dcbd323f22f0c8e1b714b77a2a8813fdea1fba11
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 44F0A431740208BFDB40FFA4DC43FBDB7A6EB18B04F800158B9099A281D9729A58D791
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32), ref: 005F08A9
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 005F08C0
                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?), ref: 005F08D7
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                                                                                                                                                                          • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                                                                                          • API String ID: 4190356694-3789238822
                                                                                                                                                                                                                                                                          • Opcode ID: 41ebd8c7c7133d2429c35325139e5db12e496bec4d503b3992f64e2c2a29c900
                                                                                                                                                                                                                                                                          • Instruction ID: 081516ff2f49dd2bd0261abdcd46e1c8face96e6d7d01d382fce221f7520a726
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 41ebd8c7c7133d2429c35325139e5db12e496bec4d503b3992f64e2c2a29c900
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 95F02732D4131CBBCF109BE06C09AEA7B9CFB05755B0016D6EC0C93240E6768D5492D0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,0064E935,?,?,0064E8FD,00000002,00000002,?), ref: 0064E955
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0064E968
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,0064E935,?,?,0064E8FD,00000002,00000002,?), ref: 0064E98B
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                          • Opcode ID: e2b1839f6747dac2e89dc0c80ff9dbdad77d88fa0bf321f6822f5ad876049aa7
                                                                                                                                                                                                                                                                          • Instruction ID: 6731270da1ecec00495d32f5aa30a14a530aea1aa80c3c7b0fb3ff38c15b9522
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e2b1839f6747dac2e89dc0c80ff9dbdad77d88fa0bf321f6822f5ad876049aa7
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83F08C30A50219FBDF159B51DD09FDDBA7BFB04B55F1001A0F408A62A0CBB28E84EAA0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SleepConditionVariableCS.KERNELBASE(?,0063891F,00000064), ref: 006389A5
                                                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(006B742C,005D1171,?,0063891F,00000064,?,?,?,005D402B,006B827C,EC80BF5C,?,005D1171,?), ref: 006389AF
                                                                                                                                                                                                                                                                          • WaitForSingleObjectEx.KERNEL32(005D1171,00000000,?,0063891F,00000064,?,?,?,005D402B,006B827C,EC80BF5C,?,005D1171,?), ref: 006389C0
                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(006B742C,?,0063891F,00000064,?,?,?,005D402B,006B827C,EC80BF5C,?,005D1171,?), ref: 006389C7
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                                                                                                                          • String ID: ,tk
                                                                                                                                                                                                                                                                          • API String ID: 3269011525-1596285620
                                                                                                                                                                                                                                                                          • Opcode ID: c6dcca24b4e011f5d69505b26840d0753823262f640d892a164c044ca8e7b578
                                                                                                                                                                                                                                                                          • Instruction ID: 725ffae5929728982d3a023a6b5947029e5ab2fbf32467ea284de11e148c67c0
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c6dcca24b4e011f5d69505b26840d0753823262f640d892a164c044ca8e7b578
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1BE09232914224EFC7052F54EC08ADE3F6FEB4CB22B001090F509A71A1CB6248A09BD2
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00652174: RtlAllocateHeap.NTDLL(00000000,?,?,?,0063872D,?,?,005CA1ED,0000002C,EC80BF5C), ref: 006521A6
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00650501
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00650518
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00650535
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00650550
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00650567
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$AllocateHeap
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3033488037-0
                                                                                                                                                                                                                                                                          • Opcode ID: d780a3234bf75a84116096b67ce6ca54ca84f67d7921fe181dc11a1efb3c9815
                                                                                                                                                                                                                                                                          • Instruction ID: 9e850db76d98f32ca035a21c5f22c623f03e756996a062373e3e0a4f04352f87
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d780a3234bf75a84116096b67ce6ca54ca84f67d7921fe181dc11a1efb3c9815
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B451B132A00705AFEB21DF29C941AAA77F6EF49725F14056DEC05D7290E731EA09CF84
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,006ACFC4,006ACFC6,?,006ACFC6,?,006ACFC4,ios_base::failbit set,00000000), ref: 005E9DB0
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,006ACFC6,?,006ACFC4,ios_base::failbit set,00000000), ref: 005E9DC1
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,006ACFC4,006ACFC6,00000000,00000000,?,006ACFC6,?,006ACFC4,ios_base::failbit set,00000000), ref: 005E9DD9
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,006ACFC4,?,?,00000000,?,?,?,006ACFC6,?,006ACFC4,ios_base::failbit set,00000000), ref: 005E9DFF
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                          • String ID: ios_base::failbit set
                                                                                                                                                                                                                                                                          • API String ID: 1717984340-3924258884
                                                                                                                                                                                                                                                                          • Opcode ID: b204afbf79773c64a4cb6f5b2734c678a479554cd592ac581b1d8190fb5adea0
                                                                                                                                                                                                                                                                          • Instruction ID: dfb36d3285fbae7408514df98d7427cec0adfda7f9b0da9b008ed5e0698d500d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b204afbf79773c64a4cb6f5b2734c678a479554cd592ac581b1d8190fb5adea0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC21877610030ABFE3285F62CC49F6BBF1CFF4A344F104519F68956092DB32A419C7A0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetEvent.KERNEL32 ref: 005D9B16
                                                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005D9B29
                                                                                                                                                                                                                                                                            • Part of subcall function 006266B6: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000), ref: 006266C1
                                                                                                                                                                                                                                                                            • Part of subcall function 006266B6: GetExitCodeThread.KERNEL32(?,?), ref: 006266D3
                                                                                                                                                                                                                                                                            • Part of subcall function 006266B6: CloseHandle.KERNEL32(?), ref: 006266EC
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 005D9B81
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 005D9B97
                                                                                                                                                                                                                                                                          • __Mtx_destroy_in_situ.LIBCPMT ref: 005D9BAF
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CloseHandle$Thread$CodeCurrentEventExitMtx_destroy_in_situObjectSingleWait
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2780651522-0
                                                                                                                                                                                                                                                                          • Opcode ID: 2323d1c1b374fb6e94f661675c58039f6f83414f8a00cc7554561eb9feab35c3
                                                                                                                                                                                                                                                                          • Instruction ID: 2ca1bba6ca49a44c2165f4b380fae9b8df1322cc0805fb7bab0cc3430ea72f64
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2323d1c1b374fb6e94f661675c58039f6f83414f8a00cc7554561eb9feab35c3
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6F212B30505B509BE730AB38AC4AB9A7BD6BF54310F00092FF559913D1DB36A554CB46
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___std_fs_open_handle@16.LIBCPMT ref: 00623EC0
                                                                                                                                                                                                                                                                            • Part of subcall function 00623E73: CreateFileW.KERNEL32(02200000,00010000,00000007,00000000,00000003,?,00000000,00000000,?,00623EC5,?,?,00010000,02200000,?,00000000), ref: 00623E88
                                                                                                                                                                                                                                                                            • Part of subcall function 00623E73: GetLastError.KERNEL32(?,00623EC5,?,?,00010000,02200000,?,00000000), ref: 00623E98
                                                                                                                                                                                                                                                                          • SetFileInformationByHandle.KERNEL32(?,00000015,00000000,00000004,?,?,00010000,02200000,?,00000000), ref: 00623EFC
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00623F0C
                                                                                                                                                                                                                                                                          • SetFileInformationByHandle.KERNEL32(?,00000004,?,00000001), ref: 00623F38
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00623F45
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorFileLast$HandleInformation$Create___std_fs_open_handle@16
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1118473077-0
                                                                                                                                                                                                                                                                          • Opcode ID: c1b6a6c87268c22cf9a760d4310ba8583fe53f351baf5aa2d02a7c455310d889
                                                                                                                                                                                                                                                                          • Instruction ID: 4d21c49905f4b7c8aa5329963d30a3e3dfe1d2b8dd23fa76f5089234bca3f337
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c1b6a6c87268c22cf9a760d4310ba8583fe53f351baf5aa2d02a7c455310d889
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F112731D08674EADB159A78BE1CBFE7F76AB40304F050095F601A2356D779CB48CB11
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006243F7
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00624401
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00624452
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00624472
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0062447F
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 55977855-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Maklocstr$Maklocchr
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2020259771-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 005C7804
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 005C7811
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 005C785F
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 005C787F
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005C788C
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3_Register
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3498242614-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 005C7899
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 005C78A6
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 005C78F4
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 005C7914
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005C7921
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3_Register
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3498242614-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006345A6
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006345B0
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00634601
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00634621
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0063462E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 55977855-0
                                                                                                                                                                                                                                                                          • Opcode ID: 3c8f992d969e09e8b779187cc63da8b0ad13f8d3fbd6ac1cea0adc7fa025b62a
                                                                                                                                                                                                                                                                          • Instruction ID: 46abbaf887ea460a093ca7d6d9660232d56b9a63a93f5c0af8be7ccfaff1591e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c8f992d969e09e8b779187cc63da8b0ad13f8d3fbd6ac1cea0adc7fa025b62a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B701A1759002299BCB04EFA4D845AEEBBB3BF94720F24010DE411AB391DF74AE45CB94
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 0063463B
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00634645
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00634696
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006346B6
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006346C3
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 55977855-0
                                                                                                                                                                                                                                                                          • Opcode ID: cf27e752dc6694b1738545bce6b4d23cfa6456aff9840b85b57f3e7b95728298
                                                                                                                                                                                                                                                                          • Instruction ID: 558ff8d7d052ea5c118f76cd96eabad083a611f8b206c12a18298bbeb1dd9c50
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf27e752dc6694b1738545bce6b4d23cfa6456aff9840b85b57f3e7b95728298
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1301A17590022A9FCB04EFA4D846AADBBB7BF85310F14050DF8116B3D1CF74AE458B94
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006347FA
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00634804
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00634855
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00634875
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00634882
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 55977855-0
                                                                                                                                                                                                                                                                          • Opcode ID: 26d95529dccd97de9a416662ab86dfea191d009b902f6c3cb543c1f659f6acf3
                                                                                                                                                                                                                                                                          • Instruction ID: 24d279da4f3b17ad71888b150a131807860cbc8d221186cc2fdf776b2bfbd926
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26d95529dccd97de9a416662ab86dfea191d009b902f6c3cb543c1f659f6acf3
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0701A17590026A9BCB04EBA4C815AEEBBB7BF84720F24011CE4116B381CF74EE458BD4
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 0063488F
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00634899
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::_Lockit.LIBCPMT ref: 005C2D30
                                                                                                                                                                                                                                                                            • Part of subcall function 005C2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 005C2D4C
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006348EA
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0063490A
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00634917
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 55977855-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065B49F
                                                                                                                                                                                                                                                                            • Part of subcall function 00652098: RtlFreeHeap.NTDLL(00000000,00000000,?,0065B729,?,00000000,?,?,?,0065B9CC,?,00000007,?,?,0065BDD6,?), ref: 006520AE
                                                                                                                                                                                                                                                                            • Part of subcall function 00652098: GetLastError.KERNEL32(?,?,0065B729,?,00000000,?,?,?,0065B9CC,?,00000007,?,?,0065BDD6,?,?), ref: 006520C0
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065B4B1
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065B4C3
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065B4D5
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0065B4E7
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 00610743
                                                                                                                                                                                                                                                                          • CloseHandle failed: %d, xrefs: 00610737
                                                                                                                                                                                                                                                                          • NWebAdvisor::CCabParser::Close, xrefs: 0061073E
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                                                          • String ID: CloseHandle failed: %d$NWebAdvisor::CCabParser::Close$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
                                                                                                                                                                                                                                                                          • API String ID: 918212764-1823807987
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: __freea
                                                                                                                                                                                                                                                                          • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                          • API String ID: 240046367-3206640213
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 006252F3
                                                                                                                                                                                                                                                                            • Part of subcall function 005EBDF0: std::_Lockit::_Lockit.LIBCPMT ref: 005EBE2F
                                                                                                                                                                                                                                                                            • Part of subcall function 005EBDF0: std::_Lockit::_Lockit.LIBCPMT ref: 005EBE51
                                                                                                                                                                                                                                                                            • Part of subcall function 005EBDF0: std::_Lockit::~_Lockit.LIBCPMT ref: 005EBE71
                                                                                                                                                                                                                                                                            • Part of subcall function 005EBDF0: std::_Lockit::~_Lockit.LIBCPMT ref: 005EBFFC
                                                                                                                                                                                                                                                                          • _Find_elem.LIBCPMT ref: 006254EF
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                                                                                                                          • String ID: 0123456789ABCDEFabcdef-+Xx$l8]b
                                                                                                                                                                                                                                                                          • API String ID: 3042121994-1335344595
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DB886
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C9A12
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DB93D
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • Failed to convert byte to wide, xrefs: 005DB856
                                                                                                                                                                                                                                                                          • Failed to convert wide to byte, xrefs: 005DB90D
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteInitialize
                                                                                                                                                                                                                                                                          • String ID: Failed to convert byte to wide$Failed to convert wide to byte
                                                                                                                                                                                                                                                                          • API String ID: 1656330964-1708777540
                                                                                                                                                                                                                                                                          • Opcode ID: 9089125a576507f4e5a2ea67664c4c4ad5e6815bb8bb454377ee634aba697108
                                                                                                                                                                                                                                                                          • Instruction ID: 68c58a301f75a2ae5982293b5a54c74e92879fc19deb80c1e02b8675a330ab0e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9089125a576507f4e5a2ea67664c4c4ad5e6815bb8bb454377ee634aba697108
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F481BC70900248DFEF28EFA8C959BEDBBB6BF41304F10815EE8056B382DB755A49CB51
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: \\?\
                                                                                                                                                                                                                                                                          • API String ID: 0-4282027825
                                                                                                                                                                                                                                                                          • Opcode ID: c6a43454b45b035b462af7df389142839483d4af4ed1139953af7fcd6de56e97
                                                                                                                                                                                                                                                                          • Instruction ID: 116785513da4ebfd053ec0d9a89e4e2a6bfedfcaca741157617e7c4127aa823d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c6a43454b45b035b462af7df389142839483d4af4ed1139953af7fcd6de56e97
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36717D71D00619DFCF14DFA8C889ADEBBBABF45314F14462AE416E7290E730A944CBA1
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005CB64C
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                                                                                                                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                                                          • API String ID: 323602529-1866435925
                                                                                                                                                                                                                                                                          • Opcode ID: a8292d9c3e2a8d89cdd266e79af80ae964540f2f3b6db1a226aeea84286410b6
                                                                                                                                                                                                                                                                          • Instruction ID: a9a728b6962bfe5937b539b5cf3598b334c8c5df6e3bec28dae506793cc843ab
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a8292d9c3e2a8d89cdd266e79af80ae964540f2f3b6db1a226aeea84286410b6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F17199B1A0064A9FDB14CF98C985B99BBF9FF48314F14816EE9148B381D7B5A905CB80
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • WritePrivateProfileStructW.KERNEL32(?,00000000,4752434D,00000024,00000000), ref: 006646E4
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00664728
                                                                                                                                                                                                                                                                          • WritePrivateProfileStructW.KERNEL32(?,00000000,?,00000004,00000000), ref: 00664768
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: PrivateProfileStructWrite$ErrorLast
                                                                                                                                                                                                                                                                          • String ID: MCRG
                                                                                                                                                                                                                                                                          • API String ID: 3778923442-1523812224
                                                                                                                                                                                                                                                                          • Opcode ID: c6bcb597783fc0709cc1a7aaf77a5801f2803654dde0c6eb0bb4f0f6493ce417
                                                                                                                                                                                                                                                                          • Instruction ID: bd12263c72f85da2ca780c92829ff33741c910d082c179b9dd890c3b512520ba
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c6bcb597783fc0709cc1a7aaf77a5801f2803654dde0c6eb0bb4f0f6493ce417
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E3518C75900249AFDB14CFA8D845F9EFBB9FF49324F148259F815AB3A1DB70A904CB90
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00623D98: FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000,?,?,005D04D5,?,?,EC80BF5C), ref: 00623DAE
                                                                                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000), ref: 005D05CC
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005D05F6
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_taskFormatFreeLocalMessage
                                                                                                                                                                                                                                                                          • String ID: generic$unknown error
                                                                                                                                                                                                                                                                          • API String ID: 3868770561-3628847473
                                                                                                                                                                                                                                                                          • Opcode ID: a302f303fc6f81b754b31f4b3eff0556c1d4710c08c2d346e73fb35523485277
                                                                                                                                                                                                                                                                          • Instruction ID: c1e3789d2922dbb66f30d23dc277ca9f8f9892bf4bcb7db68ebe192f18d3ae6f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a302f303fc6f81b754b31f4b3eff0556c1d4710c08c2d346e73fb35523485277
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D0419DB19003159FDB209FA8D845BAFBBE9FB45310F100A2FE856973C1D77999048BA1
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod1_extract\saBSI.exe
                                                                                                                                                                                                                                                                          • API String ID: 0-3160693801
                                                                                                                                                                                                                                                                          • Opcode ID: 3bde915c6903e7b0ab5c476bda1601b071792ea19d27a5f724c4b61353a9c155
                                                                                                                                                                                                                                                                          • Instruction ID: 1a68c23ece6c8cc206fea5e56bbfb4a49936068a72a87cc3b05c618330ae8914
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3bde915c6903e7b0ab5c476bda1601b071792ea19d27a5f724c4b61353a9c155
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 183190B1A00218AFCB21EF99DD85DEEBBBEFB95310B14016AE405D7350D6719A84CB90
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: H_prolog3_
                                                                                                                                                                                                                                                                          • String ID: /affid$MSAD_Subinfo$affid
                                                                                                                                                                                                                                                                          • API String ID: 2427045233-3897642808
                                                                                                                                                                                                                                                                          • Opcode ID: c87d1ae57a5e842de41ebd306874967ace6c293e13ff32935a02d15748f77b98
                                                                                                                                                                                                                                                                          • Instruction ID: e6d4dfdd0aec86480633f2d4a18abcfa58ef40859b5c0fda770be8c298819b3c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c87d1ae57a5e842de41ebd306874967ace6c293e13ff32935a02d15748f77b98
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 70414A709052099ECF18DFE4D8A5EEDBFB5BF09314F15406DE806A7281DB309A4ACF95
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 00632F57
                                                                                                                                                                                                                                                                            • Part of subcall function 00627DF0: __EH_prolog3.LIBCMT ref: 00627DF7
                                                                                                                                                                                                                                                                            • Part of subcall function 00627DF0: std::_Lockit::_Lockit.LIBCPMT ref: 00627E01
                                                                                                                                                                                                                                                                            • Part of subcall function 00627DF0: std::_Lockit::~_Lockit.LIBCPMT ref: 00627E72
                                                                                                                                                                                                                                                                          • _Find_elem.LIBCPMT ref: 00632FF3
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                                                                                                                          • String ID: %.0Lf$0123456789-
                                                                                                                                                                                                                                                                          • API String ID: 2544715827-3094241602
                                                                                                                                                                                                                                                                          • Opcode ID: 77ee3cc41b417daa4c61dd6fc295b1cb4acecd2d82039afbb39f3606e10ed82b
                                                                                                                                                                                                                                                                          • Instruction ID: 07ec77dd9ef13e167a4ce9e2da4c4784887092f89c517844b163e05afe799135
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 77ee3cc41b417daa4c61dd6fc295b1cb4acecd2d82039afbb39f3606e10ed82b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8413B71900229DFCF15DFA4D880AEEBBB6FF18314F100199F911AB255DB309A56CBA5
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 00633207
                                                                                                                                                                                                                                                                            • Part of subcall function 005C32DE: __EH_prolog3_GS.LIBCMT ref: 005C32E5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C32DE: std::_Lockit::_Lockit.LIBCPMT ref: 005C32F2
                                                                                                                                                                                                                                                                            • Part of subcall function 005C32DE: std::_Lockit::~_Lockit.LIBCPMT ref: 005C3360
                                                                                                                                                                                                                                                                          • _Find_elem.LIBCPMT ref: 006332A3
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: H_prolog3_Lockitstd::_$Find_elemLockit::_Lockit::~_
                                                                                                                                                                                                                                                                          • String ID: 0123456789-$0123456789-
                                                                                                                                                                                                                                                                          • API String ID: 3328206922-2494171821
                                                                                                                                                                                                                                                                          • Opcode ID: c0e03788a1a01f842b82f93d0e6e5ebc85b535cb1a7f795afb0d5d7aafbe5282
                                                                                                                                                                                                                                                                          • Instruction ID: 8cf822d8a2ee732834678a898b1f6ab623284a882e528c4a80f71495a4c8aedc
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0e03788a1a01f842b82f93d0e6e5ebc85b535cb1a7f795afb0d5d7aafbe5282
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2A415D31900219DFCF05DFE8D884ADEBBB6FF48314F1001A9F911AB255DB709A56CB95
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 00637477
                                                                                                                                                                                                                                                                            • Part of subcall function 005EC960: std::_Lockit::_Lockit.LIBCPMT ref: 005EC995
                                                                                                                                                                                                                                                                            • Part of subcall function 005EC960: std::_Lockit::_Lockit.LIBCPMT ref: 005EC9B7
                                                                                                                                                                                                                                                                            • Part of subcall function 005EC960: std::_Lockit::~_Lockit.LIBCPMT ref: 005EC9D7
                                                                                                                                                                                                                                                                            • Part of subcall function 005EC960: std::_Lockit::~_Lockit.LIBCPMT ref: 005ECAB1
                                                                                                                                                                                                                                                                          • _Find_elem.LIBCPMT ref: 00637511
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                                                                                                                          • String ID: 0123456789-$0123456789-
                                                                                                                                                                                                                                                                          • API String ID: 3042121994-2494171821
                                                                                                                                                                                                                                                                          • Opcode ID: 2fa2d175e800748a0a2f651d09e2368909b2ae8b0439c82e7afdceb8f3af226e
                                                                                                                                                                                                                                                                          • Instruction ID: 16f105d27fb912ef2ece0c015435b42c3a0fbd3e5d891ffe5b7c39ece8ef064d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2fa2d175e800748a0a2f651d09e2368909b2ae8b0439c82e7afdceb8f3af226e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 15415E71900209DFCF15DFA4D881ADEBFB6FF44310F104099F911AB252DB35AA56CB91
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SHGetKnownFolderPath.SHELL32(0068D7E8,00000000,00000000,?,EC80BF5C), ref: 005ED75C
                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 005ED7D4
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FolderFreeKnownPathTask
                                                                                                                                                                                                                                                                          • String ID: %s\%s
                                                                                                                                                                                                                                                                          • API String ID: 969438705-4073750446
                                                                                                                                                                                                                                                                          • Opcode ID: d8ed6553388a9d4d54ad3253b7f6bd96287a32a6e11a2722857ed7e91d333edb
                                                                                                                                                                                                                                                                          • Instruction ID: 3c0848605ea1f469fed842787c3e38f04fe940b9c148545095b76781cb6845c9
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d8ed6553388a9d4d54ad3253b7f6bd96287a32a6e11a2722857ed7e91d333edb
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 522153B1A002599FDB04DFA5DC85FEEBBF9FB49714F504529E805A3280D7746904CB74
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 005E4B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005E521E
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005D7D3D
                                                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 005D7DC8
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C9A12
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteInitializeMtx_unlock
                                                                                                                                                                                                                                                                          • String ID: Failed to add event category ($V
                                                                                                                                                                                                                                                                          • API String ID: 2287862619-1647955383
                                                                                                                                                                                                                                                                          • Opcode ID: 53b38323cd6f44645b4b430c6f2aa1687f413fa8ca8e2427e50181f6da076ac5
                                                                                                                                                                                                                                                                          • Instruction ID: 8ad447c17e9350840593fb6ae7ac2642e69bef40299d0b1eb09f20a221af5b7c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 53b38323cd6f44645b4b430c6f2aa1687f413fa8ca8e2427e50181f6da076ac5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C31AD70900248CFDF04EFA4D85ABDD7BA5FF95304F50409EE8465B342EB75AA08CBA2
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,EC80BF5C,?,?), ref: 005DA531
                                                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 005DA7EC
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DA989
                                                                                                                                                                                                                                                                            • Part of subcall function 005DF110: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005DF268
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • Unexpected return value: , xrefs: 005DA8CC
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$Mtx_unlockMultipleObjectsWait
                                                                                                                                                                                                                                                                          • String ID: Unexpected return value:
                                                                                                                                                                                                                                                                          • API String ID: 1703231451-3613193034
                                                                                                                                                                                                                                                                          • Opcode ID: e12426534a0d265d06dd7ed3674487549bc148b4d9b06d6c011d9e1426caef04
                                                                                                                                                                                                                                                                          • Instruction ID: 7915e07ebfcbf23e8a9f24a52d3ee00a83c2610df691f12775f4b32e9a17c855
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e12426534a0d265d06dd7ed3674487549bc148b4d9b06d6c011d9e1426caef04
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C02182709012159ADF24DFA8D849BEDBF3ABF85314F10425AE415A73D2DB309A85CA16
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Mpunct$H_prolog3
                                                                                                                                                                                                                                                                          • String ID: $+xv
                                                                                                                                                                                                                                                                          • API String ID: 4281374311-1686923651
                                                                                                                                                                                                                                                                          • Opcode ID: 114a6ebf77aa1a2b51afec984ed780c0b951067bdebb6cc7c6f26d73c901539e
                                                                                                                                                                                                                                                                          • Instruction ID: e369be886581567c727e78b6a6376290229d0e5d6de12754843c4b8872693fd9
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 114a6ebf77aa1a2b51afec984ed780c0b951067bdebb6cc7c6f26d73c901539e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 95218EA1904B926FDB61DF748890B7BBEF9AF08300F04095EE459C7A42E774E605CBD4
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 0062DD0E
                                                                                                                                                                                                                                                                            • Part of subcall function 00627579: _Maklocstr.LIBCPMT ref: 00627599
                                                                                                                                                                                                                                                                            • Part of subcall function 00627579: _Maklocstr.LIBCPMT ref: 006275B6
                                                                                                                                                                                                                                                                            • Part of subcall function 00627579: _Maklocstr.LIBCPMT ref: 006275D3
                                                                                                                                                                                                                                                                            • Part of subcall function 00627579: _Maklocchr.LIBCPMT ref: 006275E5
                                                                                                                                                                                                                                                                            • Part of subcall function 00627579: _Maklocchr.LIBCPMT ref: 006275F8
                                                                                                                                                                                                                                                                          • _Mpunct.LIBCPMT ref: 0062DD9B
                                                                                                                                                                                                                                                                          • _Mpunct.LIBCPMT ref: 0062DDB5
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Maklocstr$MaklocchrMpunct$H_prolog3
                                                                                                                                                                                                                                                                          • String ID: $+xv
                                                                                                                                                                                                                                                                          • API String ID: 2939335142-1686923651
                                                                                                                                                                                                                                                                          • Opcode ID: 83f7602940e9e9ef4ad450fcf8e8c360f0c5518f4bf89fdaa9acb1eb0c7eed0e
                                                                                                                                                                                                                                                                          • Instruction ID: 1ae3181272720f8e5dd1eb07ad4b14a6b224a8cb7532f23e732c5c827b355677
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 83f7602940e9e9ef4ad450fcf8e8c360f0c5518f4bf89fdaa9acb1eb0c7eed0e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 13217FA1904FA26FD762DF64985077BBEF9AF08300F14495EE459C7A41D734EA01CF94
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceBeginInitialize.KERNEL32(006B80C4,00000000,EC80BF5C,00000000,EC80BF5C,005CA219,006B80CC,?,?,?,?,?,?,005CA219,?,?), ref: 005C9BE5
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9BB0: InitOnceComplete.KERNEL32(006B80C4,00000000,00000000), ref: 005C9C1D
                                                                                                                                                                                                                                                                            • Part of subcall function 005C9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005C9A12
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005D7D3D
                                                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 005D7DC8
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitializeMtx_unlock
                                                                                                                                                                                                                                                                          • String ID: P$Service has not been initialized
                                                                                                                                                                                                                                                                          • API String ID: 920826028-2917841385
                                                                                                                                                                                                                                                                          • Opcode ID: 0b282892d8d35410f1ee257de3fb08a1c62607e130ba500912e07a4dfde50c39
                                                                                                                                                                                                                                                                          • Instruction ID: 3eab5b061660d896d2f365c8811668863fd287ad615cbac9378ceb36d1bb3d8e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0b282892d8d35410f1ee257de3fb08a1c62607e130ba500912e07a4dfde50c39
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A8019E719042488EDF04EFD0D45ABED7B65BF54310F50846EF80217241EB35AA0CCE55
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 005C3095
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 005C30A2
                                                                                                                                                                                                                                                                          • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 005C30DF
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$H_prolog3Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                                                                                                          • String ID: bad locale name
                                                                                                                                                                                                                                                                          • API String ID: 4089677319-1405518554
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,005C4E6C,EC80BF5C), ref: 005ED6D5
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 005ED6E5
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                          • String ID: SetDefaultDllDirectories$kernel32.dll
                                                                                                                                                                                                                                                                          • API String ID: 1646373207-2102062458
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _strrchr
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3213747228-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _strcspn$H_prolog3_ctype
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 838279627-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 005C463F: GetProcessHeap.KERNEL32(?,?,?,005CE97C,EC80BF5C,?,?,?,?,00669590,000000FF), ref: 005C4676
                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,?,?,0066FB28,000000FF), ref: 00662BF4
                                                                                                                                                                                                                                                                            • Part of subcall function 005E75F0: FindResourceExW.KERNEL32(00000000,00000006,00000000,?,00000000,?,?,?,?,?,00662B5D,?,00000000), ref: 005E7628
                                                                                                                                                                                                                                                                            • Part of subcall function 005E75F0: LoadResource.KERNEL32(00000000,00000000,?,?,?,?,?,00662B5D,?,00000000,?,?,?,?,?,0066FB28), ref: 005E7636
                                                                                                                                                                                                                                                                            • Part of subcall function 005E75F0: LockResource.KERNEL32(00000000,?,?,?,?,?,00662B5D,?,00000000,?,?,?,?,?,0066FB28,000000FF), ref: 005E7641
                                                                                                                                                                                                                                                                            • Part of subcall function 005E75F0: SizeofResource.KERNEL32(00000000,00000000,?,?,?,?,?,00662B5D,?,00000000,?,?,?,?,?,0066FB28), ref: 005E764F
                                                                                                                                                                                                                                                                          • FindResourceW.KERNEL32(00000000,?,00000006), ref: 00662B74
                                                                                                                                                                                                                                                                            • Part of subcall function 005E7580: LoadResource.KERNEL32(?,?,8007000E,80004005,00000000,?,?,?,?,?,?,?,005E480F,EC80BF5C), ref: 005E7589
                                                                                                                                                                                                                                                                            • Part of subcall function 005E7580: LockResource.KERNEL32(00000000,?,?,?,?,?,?,?,005E480F,EC80BF5C), ref: 005E7594
                                                                                                                                                                                                                                                                            • Part of subcall function 005E7580: SizeofResource.KERNEL32(?,?,?,?,?,?,?,?,?,005E480F,EC80BF5C), ref: 005E75A8
                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,00000006), ref: 00662BAB
                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,0066FB28,000000FF), ref: 00662C2E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Resource$ByteCharMultiWide$FindLoadLockSizeof$HeapProcess
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2838002939-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AdjustPointer
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1740715915-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0066181E
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00661847
                                                                                                                                                                                                                                                                          • SetEndOfFile.KERNEL32(00000000,006600BA,00000000,?,?,?,?,?,?,?,?,006600BA,?,00000000), ref: 00661879
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,006600BA,?,00000000,?,?,?,?,?), ref: 00661895
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFileLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1547350101-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RegSetKeySecurity.ADVAPI32(00000000,00000000,00000000,00000000), ref: 005EEBCB
                                                                                                                                                                                                                                                                          • RegEnumKeyExW.ADVAPI32(00000000,00000000,?,00000100,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 005EEC28
                                                                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(00000000,?,00000000,000F003F,?,?,00000000,00000000), ref: 005EEC4F
                                                                                                                                                                                                                                                                            • Part of subcall function 005EEBA0: RegCloseKey.ADVAPI32(?,?,00000000,00000000), ref: 005EEC7E
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CloseEnumOpenSecurity
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 611561417-0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 0063987E: EnterCriticalSection.KERNEL32(006B77A0,?,00000001,?,005E86A7,00000000,?,00000001,?,00000000,?,?,005EC338,-00000010), ref: 00639889
                                                                                                                                                                                                                                                                            • Part of subcall function 0063987E: LeaveCriticalSection.KERNEL32(006B77A0,?,005E86A7,00000000,?,00000001,?,00000000,?,?,005EC338,-00000010,?,?,?,EC80BF5C), ref: 006398B5
                                                                                                                                                                                                                                                                          • FindResourceExW.KERNEL32(00000000,00000006,00000000,?,00000000,?,?,?,?,?,00662B5D,?,00000000), ref: 005E7628
                                                                                                                                                                                                                                                                          • LoadResource.KERNEL32(00000000,00000000,?,?,?,?,?,00662B5D,?,00000000,?,?,?,?,?,0066FB28), ref: 005E7636
                                                                                                                                                                                                                                                                          • LockResource.KERNEL32(00000000,?,?,?,?,?,00662B5D,?,00000000,?,?,?,?,?,0066FB28,000000FF), ref: 005E7641
                                                                                                                                                                                                                                                                          • SizeofResource.KERNEL32(00000000,00000000,?,?,?,?,?,00662B5D,?,00000000,?,?,?,?,?,0066FB28), ref: 005E764F
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Resource$CriticalSection$EnterFindLeaveLoadLockSizeof
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 529824247-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,00000000,?,00665B7C,0000FDE9,?,00000000,?), ref: 00665D8B
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00665B7C,0000FDE9,?,00000000,?), ref: 00665D95
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharErrorLastMultiWide
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 203985260-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000008,00000016,00000000,00654E01), ref: 00651CAE
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00651D0B
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00651D41
                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00651D4C
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast_free
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2283115069-0
APIs
• GetLastError.KERNEL32(006B80CC,?,?,0063D742,006521B7,?,?,0063872D,?,?,005CA1ED,0000002C,EC80BF5C), ref: 00651E05
• _free.LIBCMT ref: 00651E62
• _free.LIBCMT ref: 00651E98
• SetLastError.KERNEL32(00000000,00000006,000000FF,?,0063D742,006521B7,?,?,0063872D,?,?,005CA1ED,0000002C,EC80BF5C), ref: 00651EA3
Memory Dump Source
• Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
• Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
APIs
• WideCharToMultiByte.KERNEL32(00000001,00000400,?,EC80BF5C,00000000,00000000,00000000,00000000,?,?,?,005CEE58,00000000,EC80BF5C,?,00000000), ref: 00623E21
• GetLastError.KERNEL32(?,005CEE58,00000000,EC80BF5C,?,00000000,00000000,EC80BF5C,?), ref: 00623E2D
• WideCharToMultiByte.KERNEL32(00000001,00000000,?,EC80BF5C,00000000,00000000,00000000,00000000,?,005CEE58,00000000,EC80BF5C,?,00000000,00000000,EC80BF5C), ref: 00623E53
• GetLastError.KERNEL32(?,005CEE58,00000000,EC80BF5C,?,00000000,00000000,EC80BF5C,?), ref: 00623E5F
APIs
• WriteConsoleW.KERNEL32(005F860A,EC80BF5C,006AC218,00000000,005F860A,?,0065F9C7,005F860A,00000001,005F860A,005F860A,?,00655B42,00000000,?,005F860A), ref: 0066165E
• GetLastError.KERNEL32(?,0065F9C7,005F860A,00000001,005F860A,005F860A,?,00655B42,00000000,?,005F860A,00000000,005F860A,?,00656096,005F860A), ref: 0066166A
  • Part of subcall function 00661630: CloseHandle.KERNEL32(FFFFFFFE,0066167A,?,0065F9C7,005F860A,00000001,005F860A,005F860A,?,00655B42,00000000,?,005F860A,00000000,005F860A), ref: 00661640
• ___initconout.LIBCMT ref: 0066167A
  • Part of subcall function 006615F0: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0066161F,0065F9B4,005F860A,?,00655B42,00000000,?,005F860A,00000000), ref: 00661603
• WriteConsoleW.KERNEL32(005F860A,EC80BF5C,006AC218,00000000,?,0065F9C7,005F860A,00000001,005F860A,005F860A,?,00655B42,00000000,?,005F860A,00000000), ref: 0066168F
APIs
• _free.LIBCMT ref: 0064F549
  • Part of subcall function 00652098: RtlFreeHeap.NTDLL(00000000,00000000,?,0065B729,?,00000000,?,?,?,0065B9CC,?,00000007,?,?,0065BDD6,?), ref: 006520AE
  • Part of subcall function 00652098: GetLastError.KERNEL32(?,?,0065B729,?,00000000,?,?,?,0065B9CC,?,00000007,?,?,0065BDD6,?,?), ref: 006520C0
• _free.LIBCMT ref: 0064F55C
• _free.LIBCMT ref: 0064F56D
• _free.LIBCMT ref: 0064F57E
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: 1$Async event sender already initialized
                                                                                                                                                                                                                                                                          • API String ID: 0-1633570939
                                                                                                                                                                                                                                                                          • Opcode ID: 48e9f0f408da542390b4073ac301293d5243a0c89171be936eb69ba8bfadf01f
                                                                                                                                                                                                                                                                          • Instruction ID: 092cf66dcd2f54d84d97c11caa988dbf67b710e70c56904649c30c31b6415269
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 48e9f0f408da542390b4073ac301293d5243a0c89171be936eb69ba8bfadf01f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0DC1B0B02106408FDB28DB78CC98BABBBA6FF40315F50461EE15AC7791DB39B944CB54
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 0062BBD4
                                                                                                                                                                                                                                                                            • Part of subcall function 00628616: __EH_prolog3.LIBCMT ref: 0062861D
                                                                                                                                                                                                                                                                            • Part of subcall function 00628616: std::_Lockit::_Lockit.LIBCPMT ref: 00628627
                                                                                                                                                                                                                                                                            • Part of subcall function 00628616: std::_Lockit::~_Lockit.LIBCPMT ref: 00628698
                                                                                                                                                                                                                                                                          • _Find_elem.LIBCPMT ref: 0062BE0E
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • 0123456789ABCDEFabcdef-+Xx, xrefs: 0062BC4B
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                                                                                                                          • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                                                                                                                          • API String ID: 2544715827-2799312399
                                                                                                                                                                                                                                                                          • Opcode ID: 10f8e83e236ae200a785cbae767c0146ab796d6f32eaabef98384fd5c4934984
                                                                                                                                                                                                                                                                          • Instruction ID: e0a5399a4c705a13adfc32c58fbdee3833b619c9ba748e79d3d5118c314b9828
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10f8e83e236ae200a785cbae767c0146ab796d6f32eaabef98384fd5c4934984
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 78C16C30A04A788ADF259F68D9857ECBBB3EF51300F549499E8896B382DB748D85CF50
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 0062BFAA
                                                                                                                                                                                                                                                                            • Part of subcall function 005C7892: __EH_prolog3_GS.LIBCMT ref: 005C7899
                                                                                                                                                                                                                                                                            • Part of subcall function 005C7892: std::_Lockit::_Lockit.LIBCPMT ref: 005C78A6
                                                                                                                                                                                                                                                                            • Part of subcall function 005C7892: std::_Lockit::~_Lockit.LIBCPMT ref: 005C7914
                                                                                                                                                                                                                                                                          • _Find_elem.LIBCPMT ref: 0062C1E4
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • 0123456789ABCDEFabcdef-+Xx, xrefs: 0062C021
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: H_prolog3_Lockitstd::_$Find_elemLockit::_Lockit::~_
                                                                                                                                                                                                                                                                          • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                                                                                                                          • API String ID: 3328206922-2799312399
                                                                                                                                                                                                                                                                          • Opcode ID: 0e9eedd2abb1beda09d3e85d4196a2197c100dddea3efbd8868583ab8a9eca24
                                                                                                                                                                                                                                                                          • Instruction ID: be1a01facfc6c5f50065a5c5c2627b30dbd733116528090aa7142c04635d1684
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e9eedd2abb1beda09d3e85d4196a2197c100dddea3efbd8868583ab8a9eca24
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8C18D30A04A78CADF25DFA8D8457ECBBB3AF55310F548099D889AB382DB358D85DF50
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,EC80BF5C,00000000,00000001,?), ref: 006028AC
                                                                                                                                                                                                                                                                          • RegEnumValueW.ADVAPI32(?,00000000,00000000,?,00000000,?,00000000,?), ref: 00602972
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: EnumInfoQueryValue
                                                                                                                                                                                                                                                                          • String ID: :`
                                                                                                                                                                                                                                                                          • API String ID: 918324718-2937528531
                                                                                                                                                                                                                                                                          • Opcode ID: f295d1c92ecbf6cbd12324738e938baa2471f871aa479b10779b969176e62218
                                                                                                                                                                                                                                                                          • Instruction ID: 1f1ca715e6b8e16e8a8d9857c76c8c5de6982218ceeb3df1ed19ed7c31bef4b8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f295d1c92ecbf6cbd12324738e938baa2471f871aa479b10779b969176e62218
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A81B371D402599FDB18DBA4C859BEFBBB9FF44304F10415DE806AB381DB745A09CB91
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __startOneArgErrorHandling.LIBCMT ref: 0064DEBD
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                          • String ID: pow
                                                                                                                                                                                                                                                                          • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                          • Opcode ID: ef5f9b37728ed0c6c38ecd87b976650e86702f87e0b21161b9570ed23a8377a6
                                                                                                                                                                                                                                                                          • Instruction ID: cfe9dafb06a808b1e4f6d497925d5edc13ed3407f74bcaea10b198028aa0f207
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef5f9b37728ed0c6c38ecd87b976650e86702f87e0b21161b9570ed23a8377a6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA51DB61E08102D6DB267F14C9513E92BA7EB50702F30485AF886463E8EF308CDDDA56
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: __aulldiv
                                                                                                                                                                                                                                                                          • String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                                                                                                          • API String ID: 3732870572-1956417402
                                                                                                                                                                                                                                                                          • Opcode ID: 49ade7709b8a1fc37d8b9e44365b5513dfa060ae36276614035654f03110b98e
                                                                                                                                                                                                                                                                          • Instruction ID: f4d7094973a5acfd7f8cad4e9a1f8f8315cb758dd7d4281ac5d4520156c2c816
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 49ade7709b8a1fc37d8b9e44365b5513dfa060ae36276614035654f03110b98e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E551B1B0A08249AFDF359E68C8817FEBBF7AF49310F14546EE485DB341C67499428BE0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00662AF0: FindResourceW.KERNEL32(00000000,?,00000006), ref: 00662B74
                                                                                                                                                                                                                                                                            • Part of subcall function 00662AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,00000006), ref: 00662BAB
                                                                                                                                                                                                                                                                            • Part of subcall function 00662AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,0066FB28,000000FF), ref: 00662C2E
                                                                                                                                                                                                                                                                          • WritePrivateProfileStructW.KERNEL32(?,00000000,4752434D,00000024,00000002), ref: 0066453C
                                                                                                                                                                                                                                                                          • WritePrivateProfileStructW.KERNEL32(?,?,00000000,?,00000002), ref: 00664598
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiPrivateProfileStructWideWrite$FindResource
                                                                                                                                                                                                                                                                          • String ID: MCRG
                                                                                                                                                                                                                                                                          • API String ID: 2178413835-1523812224
                                                                                                                                                                                                                                                                          • Opcode ID: 826c2c8e61a492def24c4c871e88c2bc9e4b7cd5bbe016a7649350c353a2de5b
                                                                                                                                                                                                                                                                          • Instruction ID: b30ba9c9296d425f1d6b010b382d2320b304434498ba041a6e91dba15de15a12
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 826c2c8e61a492def24c4c871e88c2bc9e4b7cd5bbe016a7649350c353a2de5b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14617871901249EFDB01CFA8C845B9EFBB6FF49320F148259F815AB3A1DB71A905CB90
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005E7362
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005E7367
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                          • String ID: 'm^
                                                                                                                                                                                                                                                                          • API String ID: 118556049-2663637102
                                                                                                                                                                                                                                                                          • Opcode ID: 2c0e6659a15d785d837ca20c6a00b1c447a03107052b1c2eaedd2662f154570b
                                                                                                                                                                                                                                                                          • Instruction ID: 7b2b789600754a8ac88756b81acf6e3a8e09cc3e0268b6567df4773979ea19ed
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c0e6659a15d785d837ca20c6a00b1c447a03107052b1c2eaedd2662f154570b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE51A1B19043499FDB28CF69C941B6EBBF6FF4C300F100A2EE49697791DB30A9448B95
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 0063C707
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: EncodePointer
                                                                                                                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                                                                                                                          • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005CBFD6
                                                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 005CBFDB
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                          • String ID: ios_base::badbit set
                                                                                                                                                                                                                                                                          • API String ID: 118556049-3882152299
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: H_prolog3___cftoe
                                                                                                                                                                                                                                                                          • String ID: !%x
                                                                                                                                                                                                                                                                          • API String ID: 855520168-1893981228
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: H_prolog3___cftoe
                                                                                                                                                                                                                                                                          • String ID: !%x
                                                                                                                                                                                                                                                                          • API String ID: 855520168-1893981228
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: H_prolog3_
                                                                                                                                                                                                                                                                          • String ID: false$true
                                                                                                                                                                                                                                                                          • API String ID: 2427045233-2658103896
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                                                                          • String ID: P|k$T|k
                                                                                                                                                                                                                                                                          • API String ID: 269201875-833916160
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0063904B
                                                                                                                                                                                                                                                                          • ___raise_securityfailure.LIBCMT ref: 00639133
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                                                                                                                          • String ID: Xtk
                                                                                                                                                                                                                                                                          • API String ID: 3761405300-215851576
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00662AF0: FindResourceW.KERNEL32(00000000,?,00000006), ref: 00662B74
                                                                                                                                                                                                                                                                            • Part of subcall function 00662AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,00000006), ref: 00662BAB
                                                                                                                                                                                                                                                                            • Part of subcall function 00662AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,0066FB28,000000FF), ref: 00662C2E
                                                                                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,?,00000100,%`f,?,00000000,?,?,?,00666025,?,00000100,00000000,00000100), ref: 006662BB
                                                                                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00000000,%`f,00000100,00000000,00000100), ref: 006662F9
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiQueryValueWide$FindResource
                                                                                                                                                                                                                                                                          • String ID: %`f
                                                                                                                                                                                                                                                                          • API String ID: 3794624133-15463123
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CLSIDFromString.OLE32(0000007B,?), ref: 005EE650
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FromString
                                                                                                                                                                                                                                                                          • String ID: @${
                                                                                                                                                                                                                                                                          • API String ID: 1694596556-3118734784
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 0065ACE1: EnterCriticalSection.KERNEL32(?,?,0065F56B,?,006AC6E0,00000010,00654ED0,00000000,05D1745D,00000004,00000000,00000016,?,00000003), ref: 0065ACFC
                                                                                                                                                                                                                                                                          • FlushFileBuffers.KERNEL32(00000000,006AC518,0000000C,00655755,JOd,?,00000003,00000003,00644F4A,?,00000003), ref: 00655697
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 006556A8
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: BuffersCriticalEnterErrorFileFlushLastSection
                                                                                                                                                                                                                                                                          • String ID: JOd
                                                                                                                                                                                                                                                                          • API String ID: 4109680722-3211929487
                                                                                                                                                                                                                                                                          • Opcode ID: 86415402fb1771c16f9f19c825da7739ebdb673bc422eceeef80674e89a9a531
                                                                                                                                                                                                                                                                          • Instruction ID: 72ffed3c9656b28eb58a55905079cfc493628fb0b09b65e79275c4b2a3ad1c93
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 86415402fb1771c16f9f19c825da7739ebdb673bc422eceeef80674e89a9a531
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D01D272A006408FC714EFB8E80A64D7BE2EF49721F50421EF811DB3A1DB74D805CB94
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00639151
                                                                                                                                                                                                                                                                          • ___raise_securityfailure.LIBCMT ref: 0063920E
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                                                                                                                          • String ID: Xtk
                                                                                                                                                                                                                                                                          • API String ID: 3761405300-215851576
                                                                                                                                                                                                                                                                          • Opcode ID: 5e4f3f6b9877ec6a9a9fff7550781f9abb3d429570db4f42005cd20b3a1720e1
                                                                                                                                                                                                                                                                          • Instruction ID: a00170b94966ce8490294d3ebb6ee827764291be2f3b0de3953cd2c8266da4ca
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e4f3f6b9877ec6a9a9fff7550781f9abb3d429570db4f42005cd20b3a1720e1
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A81190F65183049FD720DF19FC816803BE6BB88300B00726AE909973B1EBB0A6C5CF55
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • DloadGetSRWLockFunctionPointers.DELAYIMP ref: 00622743
                                                                                                                                                                                                                                                                            • Part of subcall function 006226D0: GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00622748,006228F1), ref: 006226E7
                                                                                                                                                                                                                                                                          • AcquireSRWLockExclusive.KERNEL32(?,006228F1), ref: 00622760
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Lock$AcquireDloadExclusiveFunctionHandleModulePointers
                                                                                                                                                                                                                                                                          • String ID: 8ok
                                                                                                                                                                                                                                                                          • API String ID: 3692202576-3980173954
                                                                                                                                                                                                                                                                          • Opcode ID: 65159be9579b62f86641a6257fc213d02042eba7eb2a3bfc3cc9eba1bc147332
                                                                                                                                                                                                                                                                          • Instruction ID: 2037163b47625e270176220479aa1016ee227be261c90b5fcc3c47b481963056
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 65159be9579b62f86641a6257fc213d02042eba7eb2a3bfc3cc9eba1bc147332
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9E0C231338A33674F385F25FEA49BA374BAB417583001079F502D3394DA188CC2CE82
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 005C44F8: InitializeCriticalSectionEx.KERNEL32(006B77A0,00000000,00000000,006B778C,006397FC,?,?,?,005C11BA), ref: 005C44FE
                                                                                                                                                                                                                                                                            • Part of subcall function 005C44F8: GetLastError.KERNEL32(?,?,?,005C11BA), ref: 005C4508
                                                                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,005C11BA), ref: 00639800
                                                                                                                                                                                                                                                                          • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,005C11BA), ref: 0063980F
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 0063980A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                                                                                                                                                                                                                          • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                          • API String ID: 3511171328-631824599
                                                                                                                                                                                                                                                                          • Opcode ID: 300f43a32a037dddc5dcd2fcb5c403b128c5ddd91657cbe559c5455230ee7ad2
                                                                                                                                                                                                                                                                          • Instruction ID: 9dbfab6c942e2aab92b1e6a39f4d8458e6d64e385e2bd36f90d2f664ec082252
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 300f43a32a037dddc5dcd2fcb5c403b128c5ddd91657cbe559c5455230ee7ad2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EFE06D702007118FD760AF64E4487437BE6AB09744F009E6DE4A9C3251EBF1E488CFE1
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,00000000,?,?,?,006659F1,0000FDE9,?,?,?), ref: 00665E33
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,006659F1,0000FDE9,?,?,?), ref: 00665E3D
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.2325823008.00000000005B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2325609422.00000000005B0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2326412880.000000000067E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2327119795.00000000006AF000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2328926686.00000000006B4000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329081625.00000000006B6000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.2329191910.00000000006B9000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b0000_saBSI.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharErrorLastMultiWide
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 203985260-0
                                                                                                                                                                                                                                                                          • Opcode ID: a5a23126fdabe2a476a6c12e1c3192de5ed507900551b8c5b78f0ed9f83dcd9b
                                                                                                                                                                                                                                                                          • Instruction ID: e75a2d73e44567702eec55d9b0651cf783b29c0fd19140f4640ddc28ab7d0206
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a5a23126fdabe2a476a6c12e1c3192de5ed507900551b8c5b78f0ed9f83dcd9b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D011E7333402046BDB208E6AFC01F9BB7A9EB98771F60483AF549D62D1D37258549760

                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                          Execution Coverage:19.7%
                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                          Signature Coverage:12.6%
                                                                                                                                                                                                                                                                          Total number of Nodes:1328
                                                                                                                                                                                                                                                                          Total number of Limit Nodes:28
GetWindowsDirectoryA lstrcatA 3124->3125 3126 4036ea DeleteFileA 3124->3126 3128 403382 12 API calls 3125->3128 3212 402f0c GetTickCount GetModuleFileNameA 3126->3212 3127 405c14 CharNextA 3127->3129 3131 4036b0 3128->3131 3129->3121 3129->3127 3132 403666 3129->3132 3131->3126 3134 4036b4 GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 3131->3134 3297 406257 lstrcpynA 3132->3297 3133 4036fd 3135 403795 ExitProcess OleUninitialize 3133->3135 3145 405c14 CharNextA 3133->3145 3174 403782 3133->3174 3137 403382 12 API calls 3134->3137 3138 4037ac 3135->3138 3139 4038cf 3135->3139 3143 4036e2 3137->3143 3300 40596d 3138->3300 3141 4038d7 GetCurrentProcess OpenProcessToken 3139->3141 3142 40394d ExitProcess 3139->3142 3148 40391d 3141->3148 3149 4038ee LookupPrivilegeValueA AdjustTokenPrivileges 3141->3149 3143->3126 3143->3135 3151 403717 3145->3151 3152 406663 5 API calls 3148->3152 3149->3148 3153 4037c1 3151->3153 3154 40375c 3151->3154 3158 403924 3152->3158 3304 4058d8 3153->3304 3156 405cd7 18 API calls 3154->3156 3160 403768 3156->3160 3157 403939 ExitWindowsEx 3157->3142 3161 403946 3157->3161 3158->3157 3158->3161 3160->3135 3298 406257 lstrcpynA 3160->3298 3320 40140b 3161->3320 3162 4037e2 lstrcatA lstrcmpiA 3162->3135 3165 4037fe 3162->3165 3163 4037d7 lstrcatA 3163->3162 3167 403803 3165->3167 3168 40380a 3165->3168 3307 40583e CreateDirectoryA 3167->3307 3312 4058bb CreateDirectoryA 3168->3312 3169 403777 3299 406257 lstrcpynA 3169->3299 3240 403a3d 3174->3240 3175 40380f SetCurrentDirectoryA 3176 40382a 3175->3176 3177 40381f 3175->3177 3316 406257 lstrcpynA 3176->3316 3315 406257 lstrcpynA 3177->3315 3180 4062ea 17 API calls 3181 40386c DeleteFileA 3180->3181 3182 40387a CopyFileA 3181->3182 3188 403837 3181->3188 3182->3188 3183 4038c3 3184 406030 36 API calls 3183->3184 3186 4038ca 3184->3186 3185 406030 36 API calls 3185->3188 3186->3135 3187 4062ea 17 API calls 3187->3188 3188->3180 3188->3183 3188->3185 3188->3187 3190 4038ae 
CloseHandle 3188->3190 3317 4058f0 CreateProcessA 3188->3317 3190->3188 3192 406617 wsprintfA LoadLibraryExA 3191->3192 3192->3106 3195 406689 GetProcAddress 3194->3195 3196 40667f 3194->3196 3198 4034f5 3195->3198 3197 4065f5 3 API calls 3196->3197 3199 406685 3197->3199 3198->3110 3199->3195 3199->3198 3200->3116 3201->3118 3203 406535 5 API calls 3202->3203 3205 40338e 3203->3205 3204 403398 3204->3124 3205->3204 3206 405be9 3 API calls 3205->3206 3207 4033a0 3206->3207 3208 4058bb 2 API calls 3207->3208 3209 4033a6 3208->3209 3323 405e19 3209->3323 3327 405dea GetFileAttributesA CreateFileA 3212->3327 3214 402f4c 3233 402f5c 3214->3233 3328 406257 lstrcpynA 3214->3328 3216 402f72 3217 405c30 2 API calls 3216->3217 3218 402f78 3217->3218 3329 406257 lstrcpynA 3218->3329 3220 402f83 GetFileSize 3221 40307d 3220->3221 3239 402f9a 3220->3239 3330 402ea8 3221->3330 3223 403086 3225 4030b6 GlobalAlloc 3223->3225 3223->3233 3365 40336b SetFilePointer 3223->3365 3341 40336b SetFilePointer 3225->3341 3226 4030e9 3230 402ea8 6 API calls 3226->3230 3229 4030d1 3342 403143 3229->3342 3230->3233 3231 40309f 3234 403355 ReadFile 3231->3234 3233->3133 3236 4030aa 3234->3236 3235 402ea8 6 API calls 3235->3239 3236->3225 3236->3233 3237 4030dd 3237->3233 3237->3237 3238 40311a SetFilePointer 3237->3238 3238->3233 3239->3221 3239->3226 3239->3233 3239->3235 3362 403355 3239->3362 3241 406663 5 API calls 3240->3241 3242 403a51 3241->3242 3243 403a57 3242->3243 3244 403a69 3242->3244 3379 4061b5 wsprintfA 3243->3379 3245 40613e 3 API calls 3244->3245 3246 403a94 3245->3246 3247 403ab2 lstrcatA 3246->3247 3249 40613e 3 API calls 3246->3249 3250 403a67 3247->3250 3249->3247 3371 403d02 3250->3371 3253 405cd7 18 API calls 3254 403ae4 3253->3254 3255 403b6d 3254->3255 3257 40613e 3 API calls 3254->3257 3256 405cd7 18 API calls 3255->3256 3258 403b73 3256->3258 3259 403b10 3257->3259 3260 403b83 LoadImageA 3258->3260 3263 4062ea 17 API calls 3258->3263 3259->3255 3267 403b2c lstrlenA 
3259->3267 3271 405c14 CharNextA 3259->3271 3261 403c29 3260->3261 3262 403baa RegisterClassA 3260->3262 3266 40140b 2 API calls 3261->3266 3264 403be0 SystemParametersInfoA CreateWindowExA 3262->3264 3265 403792 3262->3265 3263->3260 3264->3261 3265->3135 3270 403c2f 3266->3270 3268 403b60 3267->3268 3269 403b3a lstrcmpiA 3267->3269 3273 405be9 3 API calls 3268->3273 3269->3268 3272 403b4a GetFileAttributesA 3269->3272 3270->3265 3276 403d02 18 API calls 3270->3276 3274 403b2a 3271->3274 3275 403b56 3272->3275 3277 403b66 3273->3277 3274->3267 3275->3268 3278 405c30 2 API calls 3275->3278 3279 403c40 3276->3279 3380 406257 lstrcpynA 3277->3380 3278->3268 3281 403c4c ShowWindow 3279->3281 3282 403ccf 3279->3282 3284 4065f5 3 API calls 3281->3284 3381 40544a OleInitialize 3282->3381 3286 403c64 3284->3286 3285 403cd5 3287 403cf1 3285->3287 3288 403cd9 3285->3288 3289 403c72 GetClassInfoA 3286->3289 3291 4065f5 3 API calls 3286->3291 3290 40140b 2 API calls 3287->3290 3288->3265 3295 40140b 2 API calls 3288->3295 3292 403c86 GetClassInfoA RegisterClassA 3289->3292 3293 403c9c DialogBoxParamA 3289->3293 3290->3265 3291->3289 3292->3293 3294 40140b 2 API calls 3293->3294 3296 403cc4 3294->3296 3295->3265 3296->3265 3297->3122 3298->3169 3299->3174 3301 405982 3300->3301 3302 4037b9 ExitProcess 3301->3302 3303 405996 MessageBoxIndirectA 3301->3303 3303->3302 3305 406663 5 API calls 3304->3305 3306 4037c6 lstrcatA 3305->3306 3306->3162 3306->3163 3308 403808 3307->3308 3309 40588f GetLastError 3307->3309 3308->3175 3309->3308 3310 40589e SetFileSecurityA 3309->3310 3310->3308 3311 4058b4 GetLastError 3310->3311 3311->3308 3313 4058cb 3312->3313 3314 4058cf GetLastError 3312->3314 3313->3175 3314->3313 3315->3176 3316->3188 3318 405923 CloseHandle 3317->3318 3319 40592f 3317->3319 3318->3319 3319->3188 3321 401389 2 API calls 3320->3321 3322 401420 3321->3322 3322->3142 3324 405e24 GetTickCount GetTempFileNameA 3323->3324 3325 405e51 3324->3325 3326 4033b1 3324->3326 
3325->3324 3325->3326 3326->3124 3327->3214 3328->3216 3329->3220 3331 402eb1 3330->3331 3332 402ec9 3330->3332 3335 402ec1 3331->3335 3336 402eba DestroyWindow 3331->3336 3333 402ed1 3332->3333 3334 402ed9 GetTickCount 3332->3334 3366 40669f 3333->3366 3338 402ee7 CreateDialogParamA ShowWindow 3334->3338 3339 402f0a 3334->3339 3335->3223 3336->3335 3338->3339 3339->3223 3341->3229 3343 403159 3342->3343 3344 403187 3343->3344 3370 40336b SetFilePointer 3343->3370 3346 403355 ReadFile 3344->3346 3347 403192 3346->3347 3348 4031a4 GetTickCount 3347->3348 3349 4032ee 3347->3349 3351 4032d8 3347->3351 3348->3351 3358 4031f3 3348->3358 3350 403330 3349->3350 3355 4032f2 3349->3355 3353 403355 ReadFile 3350->3353 3351->3237 3352 403355 ReadFile 3352->3358 3353->3351 3354 403355 ReadFile 3354->3355 3355->3351 3355->3354 3356 405e91 WriteFile 3355->3356 3356->3355 3357 403249 GetTickCount 3357->3358 3358->3351 3358->3352 3358->3357 3359 40326e MulDiv wsprintfA 3358->3359 3361 405e91 WriteFile 3358->3361 3360 405378 24 API calls 3359->3360 3360->3358 3361->3358 3363 405e62 ReadFile 3362->3363 3364 403368 3363->3364 3364->3239 3365->3231 3367 4066bc PeekMessageA 3366->3367 3368 4066b2 DispatchMessageA 3367->3368 3369 402ed7 3367->3369 3368->3367 3369->3223 3370->3344 3372 403d16 3371->3372 3388 4061b5 wsprintfA 3372->3388 3374 403d87 3389 403dbb 3374->3389 3376 403ac2 3376->3253 3377 403d8c 3377->3376 3378 4062ea 17 API calls 3377->3378 3378->3377 3379->3250 3380->3255 3392 404320 3381->3392 3383 405494 3384 404320 SendMessageA 3383->3384 3385 4054a6 OleUninitialize 3384->3385 3385->3285 3386 40546d 3386->3383 3395 401389 3386->3395 3388->3374 3390 4062ea 17 API calls 3389->3390 3391 403dc9 SetWindowTextA 3390->3391 3391->3377 3393 404338 3392->3393 3394 404329 SendMessageA 3392->3394 3393->3386 3394->3393 3397 401390 3395->3397 3396 4013fe 3396->3386 3397->3396 3398 4013cb MulDiv SendMessageA 3397->3398 3398->3397 4280 402733 4281 40273a 4280->4281 4283 402a47 4280->4283 
4282 402c17 17 API calls 4281->4282 4284 402741 4282->4284 4285 402750 SetFilePointer 4284->4285 4285->4283 4286 402760 4285->4286 4288 4061b5 wsprintfA 4286->4288 4288->4283 4289 401e35 GetDC 4290 402c17 17 API calls 4289->4290 4291 401e47 GetDeviceCaps MulDiv ReleaseDC 4290->4291 4292 402c17 17 API calls 4291->4292 4293 401e78 4292->4293 4294 4062ea 17 API calls 4293->4294 4295 401eb5 CreateFontIndirectA 4294->4295 4296 402628 4295->4296 4297 4054b6 4298 405661 4297->4298 4299 4054d8 GetDlgItem GetDlgItem GetDlgItem 4297->4299 4301 405691 4298->4301 4302 405669 GetDlgItem CreateThread CloseHandle 4298->4302 4342 404309 SendMessageA 4299->4342 4304 4056bf 4301->4304 4305 4056e0 4301->4305 4306 4056a7 ShowWindow ShowWindow 4301->4306 4302->4301 4303 405548 4309 40554f GetClientRect GetSystemMetrics SendMessageA SendMessageA 4303->4309 4307 40571a 4304->4307 4311 4056f3 ShowWindow 4304->4311 4312 4056cf 4304->4312 4308 40433b 8 API calls 4305->4308 4344 404309 SendMessageA 4306->4344 4307->4305 4318 405727 SendMessageA 4307->4318 4313 4056ec 4308->4313 4316 4055a1 SendMessageA SendMessageA 4309->4316 4317 4055bd 4309->4317 4314 405713 4311->4314 4315 405705 4311->4315 4319 4042ad SendMessageA 4312->4319 4321 4042ad SendMessageA 4314->4321 4320 405378 24 API calls 4315->4320 4316->4317 4322 4055d0 4317->4322 4323 4055c2 SendMessageA 4317->4323 4318->4313 4324 405740 CreatePopupMenu 4318->4324 4319->4305 4320->4314 4321->4307 4326 4042d4 18 API calls 4322->4326 4323->4322 4325 4062ea 17 API calls 4324->4325 4327 405750 AppendMenuA 4325->4327 4328 4055e0 4326->4328 4329 405781 TrackPopupMenu 4327->4329 4330 40576e GetWindowRect 4327->4330 4331 4055e9 ShowWindow 4328->4331 4332 40561d GetDlgItem SendMessageA 4328->4332 4329->4313 4333 40579d 4329->4333 4330->4329 4334 40560c 4331->4334 4335 4055ff ShowWindow 4331->4335 4332->4313 4336 405644 SendMessageA SendMessageA 4332->4336 4337 4057bc SendMessageA 4333->4337 4343 404309 SendMessageA 4334->4343 4335->4334 4336->4313 
4337->4337 4338 4057d9 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4337->4338 4340 4057fb SendMessageA 4338->4340 4340->4340 4341 40581d GlobalUnlock SetClipboardData CloseClipboard 4340->4341 4341->4313 4342->4303 4343->4332 4344->4304 4345 404ab7 4346 404ae3 4345->4346 4347 404ac7 4345->4347 4349 404b16 4346->4349 4350 404ae9 SHGetPathFromIDListA 4346->4350 4356 405951 GetDlgItemTextA 4347->4356 4352 404b00 SendMessageA 4350->4352 4353 404af9 4350->4353 4351 404ad4 SendMessageA 4351->4346 4352->4349 4355 40140b 2 API calls 4353->4355 4355->4352 4356->4351 4357 4014b7 4358 4014bd 4357->4358 4359 401389 2 API calls 4358->4359 4360 4014c5 4359->4360 3522 4015bb 3523 402c39 17 API calls 3522->3523 3524 4015c2 3523->3524 3525 405c82 4 API calls 3524->3525 3537 4015ca 3525->3537 3526 401624 3528 401652 3526->3528 3529 401629 3526->3529 3527 405c14 CharNextA 3527->3537 3532 401423 24 API calls 3528->3532 3530 401423 24 API calls 3529->3530 3531 401630 3530->3531 3541 406257 lstrcpynA 3531->3541 3538 40164a 3532->3538 3534 4058bb 2 API calls 3534->3537 3535 4058d8 5 API calls 3535->3537 3536 40163b SetCurrentDirectoryA 3536->3538 3537->3526 3537->3527 3537->3534 3537->3535 3539 40160c GetFileAttributesA 3537->3539 3540 40583e 4 API calls 3537->3540 3539->3537 3540->3537 3541->3536 4361 4016bb 4362 402c39 17 API calls 4361->4362 4363 4016c1 GetFullPathNameA 4362->4363 4364 4016d8 4363->4364 4370 4016f9 4363->4370 4367 4065ce 2 API calls 4364->4367 4364->4370 4365 402ac5 4366 40170d GetShortPathNameA 4366->4365 4368 4016e9 4367->4368 4368->4370 4371 406257 lstrcpynA 4368->4371 4370->4365 4370->4366 4371->4370 4372 40443f 4373 404455 4372->4373 4378 404561 4372->4378 4375 4042d4 18 API calls 4373->4375 4374 4045d0 4376 40469a 4374->4376 4377 4045da GetDlgItem 4374->4377 4379 4044ab 4375->4379 4384 40433b 8 API calls 4376->4384 4380 4045f0 4377->4380 4381 404658 4377->4381 4378->4374 4378->4376 4382 4045a5 GetDlgItem SendMessageA 4378->4382 4383 4042d4 18 API calls 
4379->4383 4380->4381 4388 404616 SendMessageA LoadCursorA SetCursor 4380->4388 4381->4376 4389 40466a 4381->4389 4405 4042f6 EnableWindow 4382->4405 4386 4044b8 CheckDlgButton 4383->4386 4387 404695 4384->4387 4403 4042f6 EnableWindow 4386->4403 4406 4046e3 4388->4406 4393 404670 SendMessageA 4389->4393 4394 404681 4389->4394 4390 4045cb 4396 4046bf SendMessageA 4390->4396 4393->4394 4394->4387 4395 404687 SendMessageA 4394->4395 4395->4387 4396->4374 4397 4044d6 GetDlgItem 4404 404309 SendMessageA 4397->4404 4400 4044ec SendMessageA 4401 404513 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 4400->4401 4402 40450a GetSysColor 4400->4402 4401->4387 4402->4401 4403->4397 4404->4400 4405->4390 4409 405933 ShellExecuteExA 4406->4409 4408 404649 LoadCursorA SetCursor 4408->4381 4409->4408

Control-flow Graph (entry block 405a19-405a3f; legend: Executed / Not Executed)
APIs
• DeleteFileA.KERNEL32(?,?,76F93410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe" /S /tpchannelid=1571 /distid=App123), ref: 00405A42
• lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsd1492.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nsd1492.tmp\*.*,?,?,76F93410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe" /S /tpchannelid=1571 /distid=App123), ref: 00405A8A
• lstrcatA.KERNEL32(?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsd1492.tmp\*.*,?,?,76F93410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe" /S /tpchannelid=1571 /distid=App123), ref: 00405AAB
• lstrlenA.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsd1492.tmp\*.*,?,?,76F93410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe" /S /tpchannelid=1571 /distid=App123), ref: 00405AB1
• FindFirstFileA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsd1492.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsd1492.tmp\*.*,?,?,76F93410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe" /S /tpchannelid=1571 /distid=App123), ref: 00405AC2
• FindNextFileA.KERNELBASE(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405B6F
• FindClose.KERNEL32(00000000), ref: 00405B80
Strings
• \*.*, xrefs: 00405A84
• C:\Users\user\AppData\Local\Temp\, xrefs: 00405A26
• C:\Users\user\AppData\Local\Temp\nsd1492.tmp\*.*, xrefs: 00405A72, 00405A78, 00405A89, 00405ABF
• "C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe" /S /tpchannelid=1571 /distid=App123, xrefs: 00405A22
Memory Dump Source
• Source File: 00000009.00000002.1947226833.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.1947131817.0000000000400000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947314541.0000000000408000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.000000000040A000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.000000000042B000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.0000000000430000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.0000000000435000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.0000000000439000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947792672.000000000043D000.00000002.00000001.01000000.00000011.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_WZSetup.jbxd
Similarity
• API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
• String ID: "C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe" /S /tpchannelid=1571 /distid=App123$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsd1492.tmp\*.*$\*.*
• API String ID: 2035342205-1316532375
• Opcode ID: 6279d5409f9ac8fecf523039a44e07b92db75dbea9c2d76fe17a079ddec69c30
• Instruction ID: 3775624a82358ee84ae0e61ef35c65b769ecc780556a32b7edc65eda158531b4
• Opcode Fuzzy Hash: 6279d5409f9ac8fecf523039a44e07b92db75dbea9c2d76fe17a079ddec69c30
• Instruction Fuzzy Hash: D351BD30904A08AADB22AB618C89FAF7B78DF42714F24417BF441752D2D77C6982DE6D

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00402F1D
                                                                                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe,00000400,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00402F39
                                                                                                                                                                                                                                                                            • Part of subcall function 00405DEA: GetFileAttributesA.KERNEL32(00000003,00402F4C,C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe,80000000,00000003,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00405DEE
                                                                                                                                                                                                                                                                            • Part of subcall function 00405DEA: CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00405E10
                                                                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,00437000,00000000,C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract,C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract,C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe,C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe,80000000,00000003,?,?,004036FD,?,?,00000007), ref: 00402F85
                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00000007,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 004030BB
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe, xrefs: 00402F23, 00402F32, 00402F46, 00402F66
                                                                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00402F13
                                                                                                                                                                                                                                                                          • Error launching installer, xrefs: 00402F5C
                                                                                                                                                                                                                                                                          • @TA, xrefs: 00402F9A
                                                                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract, xrefs: 00402F67, 00402F6C, 00402F72
                                                                                                                                                                                                                                                                          • Inst, xrefs: 00402FF1
                                                                                                                                                                                                                                                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 004030E2
                                                                                                                                                                                                                                                                          • soft, xrefs: 00402FFA
                                                                                                                                                                                                                                                                          • Null, xrefs: 00403003
                                                                                                                                                                                                                                                                          • "C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe" /S /tpchannelid=1571 /distid=App123, xrefs: 00402F12
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1947226833.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.1947131817.0000000000400000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947314541.0000000000408000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.000000000040A000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.000000000042B000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.0000000000430000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.0000000000435000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.0000000000439000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947792672.000000000043D000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_400000_WZSetup.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                                                                                          • String ID: "C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe" /S /tpchannelid=1571 /distid=App123$@TA$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract$C:\Users\user\AppData\Local\Temp\is-QLOFE.tmp\prod2_extract\WZSetup.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                                                                                                                                                                          • API String ID: 2803837635-1480003194

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,00000000,PrepareUninstall,C:\Program Files (x86)\WeatherZero,00000000,00000000,00000031), ref: 00401798
                                                                                                                                                                                                                                                                          • CompareFileTime.KERNEL32(-00000014,?,PrepareUninstall,PrepareUninstall,00000000,00000000,PrepareUninstall,C:\Program Files (x86)\WeatherZero,00000000,00000000,00000031), ref: 004017C2
                                                                                                                                                                                                                                                                            • Part of subcall function 00406257: lstrcpynA.KERNEL32(0000000B,0000000B,00000400,00403556,WeatherZero 1.0.0.9 Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 00406264
                                                                                                                                                                                                                                                                            • Part of subcall function 00405378: lstrlenA.KERNEL32(0042A070,00000000,0042288B,76F923A0,?,?,?,?,?,?,?,?,?,0040329E,00000000,?), ref: 004053B1
                                                                                                                                                                                                                                                                            • Part of subcall function 00405378: lstrlenA.KERNEL32(0040329E,0042A070,00000000,0042288B,76F923A0,?,?,?,?,?,?,?,?,?,0040329E,00000000), ref: 004053C1
                                                                                                                                                                                                                                                                            • Part of subcall function 00405378: lstrcatA.KERNEL32(0042A070,0040329E,0040329E,0042A070,00000000,0042288B,76F923A0), ref: 004053D4
                                                                                                                                                                                                                                                                            • Part of subcall function 00405378: SetWindowTextA.USER32(0042A070,0042A070), ref: 004053E6
                                                                                                                                                                                                                                                                            • Part of subcall function 00405378: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040540C
                                                                                                                                                                                                                                                                            • Part of subcall function 00405378: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405426
                                                                                                                                                                                                                                                                            • Part of subcall function 00405378: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405434
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1947226833.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.1947131817.0000000000400000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947314541.0000000000408000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.000000000040A000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.000000000042B000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.0000000000430000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.0000000000435000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.0000000000439000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947792672.000000000043D000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_400000_WZSetup.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                                                          • String ID: C:\Program Files (x86)\WeatherZero$C:\Users\user\AppData\Local\Temp\nsd1492.tmp$C:\Users\user\AppData\Local\Temp\nsd1492.tmp\WeatherZeroNSISPlugin.dll$PrepareUninstall
                                                                                                                                                                                                                                                                          • API String ID: 1941528284-2377279688

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1947226833.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.1947131817.0000000000400000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947314541.0000000000408000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.000000000040A000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.000000000042B000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.0000000000430000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.0000000000435000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.0000000000439000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947792672.000000000043D000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_400000_WZSetup.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CountTick$wsprintf
                                                                                                                                                                                                                                                                          • String ID: ... %d%%
                                                                                                                                                                                                                                                                          • API String ID: 551687249-2449383134
                                                                                                                                                                                                                                                                          • Opcode ID: 7025284360d03d8e766f027862492d7b6285ba9bc66dcabc93bb20b55c1b267b
                                                                                                                                                                                                                                                                          • Instruction ID: cc32688fb846b20799601ecf4724bdf5f6a604bb501928ae6cb5e0d1b862edc2
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7025284360d03d8e766f027862492d7b6285ba9bc66dcabc93bb20b55c1b267b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 10517C71800219ABDB10DFA5DA8469F7BB8EF44766F14817BEC41B72D0C7389A50CBA9

Control-flow Graph

[Figure: control-flow graph for the code block starting at 40247e; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsd1492.tmp,00000023,00000011,00000002), ref: 004024C9
                                                                                                                                                                                                                                                                          • RegSetValueExA.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsd1492.tmp,00000000,00000011,00000002), ref: 00402509
                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsd1492.tmp,00000000,00000011,00000002), ref: 004025ED
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1947226833.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.1947131817.0000000000400000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947314541.0000000000408000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.000000000040A000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.000000000042B000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.0000000000430000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.0000000000435000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.0000000000439000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947792672.000000000043D000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_400000_WZSetup.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CloseValuelstrlen
                                                                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsd1492.tmp
                                                                                                                                                                                                                                                                          • API String ID: 2655323295-1506853721
                                                                                                                                                                                                                                                                          • Opcode ID: 295319e2c791f480c45178241e9784c9093b9fe0b9181941fb42c61741a372fd
                                                                                                                                                                                                                                                                          • Instruction ID: f3aadfd2260b8f93e823aa7e7f88ba76dab9d069632aeea64c5940af2cf5b862
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 295319e2c791f480c45178241e9784c9093b9fe0b9181941fb42c61741a372fd
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E119371E04208BFEB20AFA59E49AAE7A74EB44714F21443FF504F71C1D6B94D409B68

Control-flow Graph

[Figure: control-flow graph for the code block starting at 405e19; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00405E2D
                                                                                                                                                                                                                                                                          • GetTempFileNameA.KERNEL32(0000000B,?,00000000,?,?,004033B1,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403690,?,00000007), ref: 00405E47
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1947226833.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.1947131817.0000000000400000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947314541.0000000000408000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.000000000040A000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.000000000042B000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.0000000000430000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.0000000000435000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.0000000000439000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947792672.000000000043D000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_400000_WZSetup.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                                                                                                          • API String ID: 1716503409-2113348990
                                                                                                                                                                                                                                                                          • Opcode ID: 3d6f8019ec5f34494dc3b68805de6783e4b5f3688fe49378b00e43b1512e0d50
                                                                                                                                                                                                                                                                          • Instruction ID: db84433a099d66a6ad53f3418d19e52f8fbd3804b66164b4918815a523437c08
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d6f8019ec5f34494dc3b68805de6783e4b5f3688fe49378b00e43b1512e0d50
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9CF0A736348208BBEB109F56ED04B9B7B9CDF91B50F10C03BFA84DB180D6B5DA548798
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(?,00000000,?,004034F5,0000000B), ref: 00406675
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00406690
                                                                                                                                                                                                                                                                            • Part of subcall function 004065F5: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040660C
                                                                                                                                                                                                                                                                            • Part of subcall function 004065F5: wsprintfA.USER32 ref: 00406645
                                                                                                                                                                                                                                                                            • Part of subcall function 004065F5: LoadLibraryExA.KERNEL32(?,00000000,00000008), ref: 00406659
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1947226833.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.1947131817.0000000000400000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947314541.0000000000408000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.000000000040A000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.000000000042B000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.0000000000430000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.0000000000435000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947357015.0000000000439000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000009.00000002.1947792672.000000000043D000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_400000_WZSetup.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2547128583-0
                                                                                                                                                                                                                                                                          • Opcode ID: 4d0569fb13f52ba758ba0dc8838e9a6308561242633793a73e58d4c8114d4ccd
                                                                                                                                                                                                                                                                          • Instruction ID: 42df78af1693d05b1f4151e300c7058424afa75421c13d02aa0b0909378b53c4
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d0569fb13f52ba758ba0dc8838e9a6308561242633793a73e58d4c8114d4ccd
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7FE086326042106BD3105B755E0493B73AC9E997103020D3EF94AF2140D7399C32966D
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(FFFFFFFF,0040379A,?,?,00000007,00000009,0000000B), ref: 0040396E
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\nsd1492.tmp\, xrefs: 00403982
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1947226833.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsd1492.tmp\
                                                                                                                                                                                                                                                                          • API String ID: 2962429428-2721172417
                                                                                                                                                                                                                                                                          • Opcode ID: 277f30cbe302f60db3aee089ff01cecb2e411bed247286758014d28a83891400
                                                                                                                                                                                                                                                                          • Instruction ID: 1200111adfac7592e79476d78741274177c0c64d242d418e9fed9ea5dab37cc8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 277f30cbe302f60db3aee089ff01cecb2e411bed247286758014d28a83891400
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1C01270544B046AC1247F759D8F9053A146B44736B604735B0B4F00F0C77C4659495E
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RegCreateKeyExA.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CEA,00000000,?,?), ref: 00406134
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1947226833.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Create
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2289755597-0
                                                                                                                                                                                                                                                                          • Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                                                                                                                                                                          • Instruction ID: f3dc4abaab06895e066b0b710936ca54da7b1f8b7a25aa4512e4b4def2a222e8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BAE0E672110209BEEF195F50DC0AD7B371DEB14314F01452EF947D4091E6B5A9305634
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403368,00000000,00000000,00403192,000000FF,00000004,00000000,00000000,00000000), ref: 00405E76
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1947226833.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FileRead
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                          • Opcode ID: da94c88c01f32db49c143d41d40f73f2c481f3bafd85dc9fd8b917d4e0158b31
                                                                                                                                                                                                                                                                          • Instruction ID: d159feaa40f66387c232a0365126d803d89e879c5a9a8176c13ce5bb2f202f1c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: da94c88c01f32db49c143d41d40f73f2c481f3bafd85dc9fd8b917d4e0158b31
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CFE0B63221025AAFDF109F95DC00AAB7B6CEB05260F144437FD99E6150D671E961DAE4
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,004030D1,?,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00403379
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1947226833.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00405378: lstrlenA.KERNEL32(0042A070,00000000,0042288B,76F923A0,?,?,?,?,?,?,?,?,?,0040329E,00000000,?), ref: 004053B1
                                                                                                                                                                                                                                                                            • Part of subcall function 00405378: lstrlenA.KERNEL32(0040329E,0042A070,00000000,0042288B,76F923A0,?,?,?,?,?,?,?,?,?,0040329E,00000000), ref: 004053C1
                                                                                                                                                                                                                                                                            • Part of subcall function 00405378: lstrcatA.KERNEL32(0042A070,0040329E,0040329E,0042A070,00000000,0042288B,76F923A0), ref: 004053D4
                                                                                                                                                                                                                                                                            • Part of subcall function 00405378: SetWindowTextA.USER32(0042A070,0042A070), ref: 004053E6
                                                                                                                                                                                                                                                                            • Part of subcall function 00405378: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040540C
                                                                                                                                                                                                                                                                            • Part of subcall function 00405378: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405426
                                                                                                                                                                                                                                                                            • Part of subcall function 00405378: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405434
                                                                                                                                                                                                                                                                            • Part of subcall function 004058F0: CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C098,00000009,00000009,0000000B), ref: 00405919
                                                                                                                                                                                                                                                                            • Part of subcall function 004058F0: CloseHandle.KERNEL32(?), ref: 00405926
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FC0
                                                                                                                                                                                                                                                                            • Part of subcall function 004066D8: WaitForSingleObject.KERNEL32(?,00000064), ref: 004066E9
                                                                                                                                                                                                                                                                            • Part of subcall function 004066D8: GetExitCodeProcess.KERNEL32(?,?), ref: 0040670B
                                                                                                                                                                                                                                                                            • Part of subcall function 004061B5: wsprintfA.USER32 ref: 004061C2
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1947226833.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_400000_WZSetup.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2972824698-0